registry  /  @zhin.js/agent  /  1.0.3

@zhin.js/agent@1.0.3

Zhin AI Agent — session, ZhinAgent, init; composes @zhin.js/core providers and tools

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 442 file(s), 1.52 MB of source, external domains: console.zhin.dev, example.com, www.bing.com

Source & flagged code

3 flagged · loading source
lib/security/sandbox.jsView file
258try { L259: const { isDockerAvailable } = require('./sandbox-docker.js'); L260: this._dockerAvailable = isDockerAvailable();
Medium
Dynamic Require

Package source references dynamic require/import behavior.

lib/security/sandbox.jsView on unpkg · L258
179} L180: if (lower.includes('eval(') || lower.includes('exec(')) { L181: return '沙箱内禁止执行危险命令模式: eval/exec';
Low
Eval

Package source references a known benign dynamic code generation pattern.

lib/security/sandbox.jsView on unpkg · L179
lib/security/network-policy.jsView file
33h.endsWith('.local') || L34: // IPv4 private ranges L35: h.startsWith('10.') || ... L103: allowed: false, L104: reason: `启用 allowedDomains 时,网络命令必须包含可校验的 URL(如 http://example.com)`, L105: };
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

lib/security/network-policy.jsView on unpkg · L33

Findings

1 High4 Medium5 Low
HighCloud Metadata Accesslib/security/network-policy.js
MediumDynamic Requirelib/security/sandbox.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvallib/security/sandbox.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings