
@zibby/core@0.5.21

⚠ Under review

Core test automation engine with multi-agent and multi-MCP support

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 17 findings at 93.0% confidence. This version is warn-only (consumers receive a warning; it is not blocked) unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; in addition, the diff against the previous stored version (0.5.20) introduced a source file that the scanner classifies as dangerous.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcess · Crypto · DynamicRequire · EnvironmentVars · Filesystem · Network
Supply chain
HighEntropyStrings · Minified · Obfuscated · UrlStrings
Manifest
NoLicense
scanned 87 file(s), 672 KB of source, external domains: api-prod.zibby.app, api.openai.com, cursor.com, github.com, studio.zibby.dev

Source & flagged code

8 flagged
dist/tools/run-playwright-test.js
1import{spawn as T}from"node:child_process";import{existsSync as S}from"node:fs";import{dirname as k,resolve as $,relative as I}from"node:path";var m=new Map,l=8,M={name:"run_playwr... L2: ${f}`.split(`
High
Child Process

Package source references child process execution: this file imports `spawn` from `node:child_process`. Launching a test runner is consistent with the package's stated purpose (a test automation engine), so the question for review is what arguments reach `spawn` and whether any of them are derived from untrusted input (test names, paths, MCP/agent-supplied strings) rather than from package-controlled constants.

dist/tools/run-playwright-test.js · L1
dist/index.js
matchType = previous_version_dangerous_delta matchedPackage = @zibby/core@0.5.20 matchedIdentity = npm:QHppYmJ5L2NvcmU:0.5.20 similarity = 0.908 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This version adds a source file (dist/index.js) that is absent from the previous stored version, @zibby/core@0.5.20, while sharing 0.908 of that version's package body; route for source-aware review. The Critical rating reflects the size and nature of the change between versions, not confirmed malicious behavior — the warn-only policy above still applies. Reviewers should diff the new file against 0.5.20 and check whether the additions match the published changelog for 0.5.21 before escalating.

dist/index.js
1var an=Object.defineProperty;var ln=(s=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(s,{get:(e,t)=>(typeof require<"u"?require:e)[t]}):s)(function(s){if(typeof require<"u"... L2: `);this.buffer=t.pop()||"";let r="";for(let n of t)if(n.trim())try{let o=JSON.parse(n);this._emitToolCalls(o);let i=this.extractText(o);if(i){if(this.rawText&&i.startsWith(this.raw... L3: `,r+=`${n} ... L12: Use your file writing tool (WriteFile or ApplyPatch) to create this file. L13: DO NOT just output JSON to stdout. The file MUST exist when you finish. L14: DO NOT skip this step. The workflow WILL FAIL if the file is missing. ... L33: L34: `)}getStats(){let e=this.userPrompt.length,t=this.build().length;return{userPromptLength:e,fullPromptLength:t,systemInstructionsLength:t-e,instructionCount:this.systemInstructions.... L35: ${s.slice(-i)}`);let l=`Extract and format the following information into structured JSON matching the schema. ... L39: L40: Extract all relevant information and format it according to the schema. If any required fields are missing, do your best to infer them from the content.`,a={model:J.OPENAI_POSTPROC... L41: Run \`zibby login\` or set ZIBBY_USER_TOKEN environment
High
Credential Exfiltration

Source reads credential-like environment material (the file references `ZIBBY_USER_TOKEN` in a "run `zibby login` or set …" message) in the same file that makes outbound requests; the package's listed external domains include api-prod.zibby.app and api.openai.com. A CLI that authenticates to its own backend will look exactly like this, so before blocking, confirm that the token is sent only to the vendor's own host and is not forwarded to any other endpoint, written to disk, or included in prompts sent to the LLM provider.

dist/index.js · L1
55\u25C6 Model: ${f||"auto"}${P} L56: `);let k=(await import("chalk")).default,v=E.getUserPrompt();console.log(` L57: ${k.bold("Prompt sent to LLM:")}`),console.log(k.dim("\u2500".repeat(60))),console.log(k.dim(v)),console.log(k.dim("\u2500".repeat(60)));let j=E.build(),F=E.getStats(),T=["--print"...
Medium
Dynamic Require

Package source references dynamic require/import behavior. The flagged line is `await import("chalk")` with a literal specifier, and the file's first line appears to be a bundler-generated `require` shim (a `typeof require` check wrapped in a `Proxy`). Neither computes the module name from runtime data, which is what would make this signal meaningful; treat it as low-value unless a computed specifier is found elsewhere in the file.

dist/index.js · L55
1var an=Object.defineProperty;var ln=(s=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(s,{get:(e,t)=>(typeof require<"u"?require:e)[t]}):s)(function(s){if(typeof require<"u"... L2: `);this.buffer=t.pop()||"";let r="";for(let n of t)if(n.trim())try{let o=JSON.parse(n);this._emitToolCalls(o);let i=this.extractText(o);if(i){if(this.rawText&&i.startsWith(this.raw... L3: `,r+=`${n} ... L12: Use your file writing tool (WriteFile or ApplyPatch) to create this file. L13: DO NOT just output JSON to stdout. The file MUST exist when you finish. L14: DO NOT skip this step. The workflow WILL FAIL if the file is missing. ... L33: L34: `)}getStats(){let e=this.userPrompt.length,t=this.build().length;return{userPromptLength:e,fullPromptLength:t,systemInstructionsLength:t-e,instructionCount:this.systemInstructions.... L35: ${s.slice(-i)}`);let l=`Extract and format the following information into structured JSON matching the schema. ... L39: L40: Extract all relevant information and format it according to the schema. If any required fields are missing, do your best to infer them from the content.`,a={model:J.OPENAI_POSTPROC... L41: Run \`zibby login\` or set ZIBBY_USER_TOKEN environment
Low
Weak Crypto

Package source references weak cryptographic algorithms. The scanner does not identify which algorithm or where it is used; a weak hash used only for cache keys or content fingerprints is not a vulnerability in itself. Confirm the use site before raising this above Low.

dist/index.js · L1
dist/strategies/cursor-strategy.js
1import{AgentStrategy as De,DEFAULT_OUTPUT_BASE as Fe,SESSION_INFO_FILE as Ge,STOP_REQUEST_FILE as Be,getAllSkills as Je,getSkill as pe}from"@zibby/agent-workflow";import{spawn as K... L2: `);this.buffer=t.pop()||"";let r="";for(let s of t)if(s.trim())try{let l=JSON.parse(s);this._emitToolCalls(l);let n=this.extractText(l);if(n){if(this.rawText&&n.startsWith(this.raw... L3: `,r+=`${s} ... L12: Use your file writing tool (WriteFile or ApplyPatch) to create this file. L13: DO NOT just output JSON to stdout. The file MUST exist when you finish. L14: DO NOT skip this step. The workflow WILL FAIL if the file is missing. ... L33: L34: `)}getStats(){let e=this.userPrompt.length,t=this.build().length;return{userPromptLength:e,fullPromptLength:t,systemInstructionsLength:t-e,instructionCount:this.systemInstructions.... L35: ${o.slice(-n)}`);let c=`Extract and format the following information into structured JSON matching the schema. ... L39: L40: Extract all relevant information and format it according to the schema. If any required fields are missing, do your best to infer them from the content.`,y={model:z.OPENAI_POSTPROC... L41: Run \`zibby login\` or set ZIBBY_USER_TOKEN environment
Medium
Install Persistence

Source contains text matching installer persistence such as a shell profile or service configuration write. Note that the similar text visible in dist/strategies/index.js (`echo 'export PATH=…' >> ~/.zshrc && source ~/.zshrc`) sits inside a user-facing "binary is not in PATH, try:" error message, i.e. it is advice printed to the terminal rather than a command the package runs. Check whether the match in cursor-strategy.js is likewise a string literal or an actual write to the user's shell profile.

dist/strategies/cursor-strategy.js · L1
dist/strategies/index.js
66`),n=null;for(let o of t){let s=o.trim();if(s)try{let i=JSON.parse(s);if(i.type==="assistant"&&i.message?.content){let a=i.message.content;if(Array.isArray(a)){let c=a.filter(d=>d.... L67: `;if(Qe(e)){let S=et(t||process.cwd()),O=Y(S,".cursor","mcp.json");return nt(O,x,"utf8"),l.debug(`[MCP] Isolated cursor-agent HOME (session-scoped mcp.json): ${S} | servers: ${Obje... L68: `)){let k=$.replace(`${n}/`,"");A.has(k)||(A.add(k),R.push(k))}}catch{}let y="";R.length>0&&(y=` | \u{1F4C1} new: ${R.map(C=>C.split("/").pop()).join(", ")}`),A.size>0&&(y+=` | \u{... ... L77: This usually means the binary is not in PATH. Try: L78: echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.zshrc && source ~/.zshrc`))})})}};pe();import{AgentStrategy as to,getSkill as oo,NO_INTEGRATION_TOGGLEABLE_SKILL_IDS as no}from"@z... L79: `).slice(0,5).join(` L80: `),stringified:(()=>{try{return JSON.stringify(p,Object.getOwnPropertyNames(Object(p)))}catch{return String(p)}})()};throw l.error(`Error during query stream: ${p?.message||p}`,C),... L81: \u25C6 Model: ${S}${E}
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking. For an agent-orchestration package this combination is expected — the debug message visible here shows the file setting up an isolated cursor-agent HOME and writing a session-scoped `.cursor/mcp.json`. The review points are what server entries end up in that mcp.json (and whether they can be supplied by untrusted input) and which process the file spawns with the resulting environment.

dist/strategies/index.js · L66
66`),n=null;for(let o of t){let s=o.trim();if(s)try{let i=JSON.parse(s);if(i.type==="assistant"&&i.message?.content){let a=i.message.content;if(Array.isArray(a)){let c=a.filter(d=>d.... L67: `;if(Qe(e)){let S=et(t||process.cwd()),O=Y(S,".cursor","mcp.json");return nt(O,x,"utf8"),l.debug(`[MCP] Isolated cursor-agent HOME (session-scoped mcp.json): ${S} | servers: ${Obje... L68: `)){let k=$.replace(`${n}/`,"");A.has(k)||(A.add(k),R.push(k))}}catch{}let y="";R.length>0&&(y=` | \u{1F4C1} new: ${R.map(C=>C.split("/").pop()).join(", ")}`),A.size>0&&(y+=` | \u{... ... L77: This usually means the binary is not in PATH. Try: L78: echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.zshrc && source ~/.zshrc`))})})}};pe();import{AgentStrategy as to,getSkill as oo,NO_INTEGRATION_TOGGLEABLE_SKILL_IDS as no}from"@z... L79: `).slice(0,5).join(` L80: `),stringified:(()=>{try{return JSON.stringify(p,Object.getOwnPropertyNames(Object(p)))}catch{return String(p)}})()};throw l.error(`Error during query stream: ${p?.message||p}`,C),... L81: \u25C6 Model: ${S}${E}
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking. The visible code parses the spawned agent's stdout line-by-line as JSON (looking for `type === "assistant"` messages), which is the normal way to drive an agent CLI; the exfiltration concern is only real if that parsed output, or the files it lists, is then sent to a host other than the ones the package declares (api-prod.zibby.app, studio.zibby.dev, api.openai.com). Trace where the parsed content goes before escalating.

dist/strategies/index.js · L66

Findings

1 Critical · 4 High · 5 Medium · 7 Low
Critical — Previous Version Dangerous Delta — dist/index.js
High — Child Process — dist/tools/run-playwright-test.js
High — Same File Env Network Execution — dist/strategies/index.js
High — Credential Exfiltration — dist/index.js
High — Command Output Exfiltration — dist/strategies/index.js
Medium — Dynamic Require — dist/index.js
Medium — Network
Medium — Environment Vars
Medium — Install Persistence — dist/strategies/cursor-strategy.js
Medium — Structural Risk Force Deep Review
Low — Scripts Present
Low — Weak Crypto — dist/index.js
Low — Filesystem
Low — Obfuscated
Low — High Entropy Strings
Low — Url Strings
Low — No License