
agent-afk@5.15.12

⚠ Under review

Open-source coding-agent harness you can actually change — own the loop (prompts, gates, routing, skills, terminal states), use any model, run long tasks while you're away.

Static Scan Results

scanned 15h ago · by rust-scanner

Static analysis flagged 17 findings at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
A high-risk combination of behaviors matched the malicious-behavior policy.

Decision evidence

public snapshot
Behavioral surface
Source
Child Process, Dynamic Require, Environment Vars, Filesystem, Network, Shell
Supply chain
High Entropy Strings, Minified, Url Strings
Manifest: no manifest risk signals triggered.
Scanned 5 files (2.53 MB of source); external domains referenced: 127.0.0.1, api.exa.ai, api.openai.com, api.telegram.org, chatgpt.com, console.anthropic.com, exa.ai, github.com, no-color.org, platform.claude.com, registry.npmjs.org, www.apple.com

Source & flagged code

10 flagged
package.json
scripts.postinstall = node dist/postinstall.mjs || node scripts/postinstall.mjs || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node dist/postinstall.mjs || node scripts/postinstall.mjs || true
Medium
Ambiguous Install Lifecycle Script

The install-time lifecycle script is not on the static allowlist and needs manual review.

package.json
dist/telegram.mjs
1#!/usr/bin/env node L2: var iv=Object.defineProperty;var y=(t,e)=>()=>(t&&(e=t(t=0)),e);var Gi=(t,e)=>{for(var n in e)iv(t,n,{get:e[n],enumerable:!0})};function Yr(t){return Jr.find(e=>e.name===t)}functio... L3: `)}}}catch{}}function qd(){gv(mv(),fe())}function Yi(t){if(typeof t!="string"||t.length===0)throw new Error("Invalid browser profile: must be a non-empty string");if(t.length>Pd)th...
Critical
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution with blocking evidence.

dist/telegram.mjs · L1
1#!/usr/bin/env node L2: var iv=Object.defineProperty;var y=(t,e)=>()=>(t&&(e=t(t=0)),e);var Gi=(t,e)=>{for(var n in e)iv(t,n,{get:e[n],enumerable:!0})};function Yr(t){return Jr.find(e=>e.name===t)}functio... L3: `)}}}catch{}}function qd(){gv(mv(),fe())}function Yi(t){if(typeof t!="string"||t.length===0)throw new Error("Invalid browser profile: must be a non-empty string");if(t.length>Pd)th...
Critical
Command Output Exfiltration

Source executes local commands and sends command output to an external endpoint.

dist/telegram.mjs · L1
147Resume from CLI: L148: ${e}`:`\u{1F3F7}\uFE0F Named: ${t} (saves on first turn)`}function Eo(t){if(!t)return"\u{1F4E6} Conversation compacted (older messages summarized).";let e=t.tokensSavedEstimate!==v... L149: `)}return n.accessToken}function Hu(){if(process.platform==="darwin")try{return $u("security",["find-generic-password","-s","Claude Code-credentials","-a",Bu().username,"-w"],{stdi...
High
Child Process

Package source references child process execution.

dist/telegram.mjs · L147
1#!/usr/bin/env node L2: var iv=Object.defineProperty;var y=(t,e)=>()=>(t&&(e=t(t=0)),e);var Gi=(t,e)=>{for(var n in e)iv(t,n,{get:e[n],enumerable:!0})};function Yr(t){return Jr.find(e=>e.name===t)}functio... L3: `)}}}catch{}}function qd(){gv(mv(),fe())}function Yi(t){if(typeof t!="string"||t.length===0)throw new Error("Invalid browser profile: must be a non-empty string");if(t.length>Pd)th...
High
Shell

Package source references shell execution.

dist/telegram.mjs · L1
147Resume from CLI: L148: ${e}`:`\u{1F3F7}\uFE0F Named: ${t} (saves on first turn)`}function Eo(t){if(!t)return"\u{1F4E6} Conversation compacted (older messages summarized).";let e=t.tokensSavedEstimate!==v... L149: `)}return n.accessToken}function Hu(){if(process.platform==="darwin")try{return $u("security",["find-generic-password","-s","Claude Code-credentials","-a",Bu().username,"-w"],{stdi... ... L1039: `).filter(c=>c.trim().length>0);o=a.length>0,s=a.length}r===null&&(o=null,s=null);let i=ts(t,["remote","get-url","origin"]);return{branch:n,headSha:e,dirty:o,dirtyCount:s,remoteUrl... L1040: `)}catch{}}get toolDefs(){let e=this.permissions?.allowedTools;if(!e)return this.schemas;let n=new Set(e);return this.schemas.filter(r=>n.has(r.name))}checkReadOnlyBash(e){if(!this... L1041: [output truncated \u2014 exceeded 100KB]`,u({content:A,truncated:!0,...T!==void 0?{testResult:T}:{}})}p.stdout.on("data",E=>{let A=w-b,T=E.length<=A?E:E.subarray(0,Math.max(0,A));b... ... L1055: L1056: `).trim()}function BA(t){return(t?.textContent??"").replace(/\s+/g," ").trim().length}function Mf(t,e){let r=new NA(t,{url:e}).window.document,o=(r.title??"").trim(),s=null;try{let... L1057:
High
Remote Agent Bridge

Source exposes local file and command tools to a remote model endpoint.

dist/telegram.mjs · L147
1267L1268: `+o}async function kl(t,e){let n=t.map(c=>({hypothesis:c,decision:ly(c)})).filter(c=>c.decision.verify);if(n.length===0)return{premise_verifications:[],hypotheses_to_test:t};let r=... L1269:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/telegram.mjs · L1267
1#!/usr/bin/env node L2: var iv=Object.defineProperty;var y=(t,e)=>()=>(t&&(e=t(t=0)),e);var Gi=(t,e)=>{for(var n in e)iv(t,n,{get:e[n],enumerable:!0})};function Yr(t){return Jr.find(e=>e.name===t)}functio... L3: `)}}}catch{}}function qd(){gv(mv(),fe())}function Yi(t){if(typeof t!="string"||t.length===0)throw new Error("Invalid browser profile: must be a non-empty string");if(t.length>Pd)th... ... L109: `);Jd(i,a+n,"utf-8")}loadProcedure(e){let n=eu(e),r=ao(Ee(this.dir,co)),o=ao(r,`${n}.md`);if(tu(o,r),!jn(o))return null;try{return nu(o,io(o,"utf-8"))}catch{return null}}searchProc... L110: `);for(let s of o)if(s.trim())try{let i=JSON.parse(s);if(!$v(i)){B("WAL replay: skipping invalid entry:",s.slice(0,200));continue}let a=i;if(a.type==="session_start"){let c=a.data;... L111: INSERT OR IGNORE INTO sessions (session_id, surface, started_at, actor) ... L147: Resume from CLI: L148: ${e}`:`\u{1F3F7}\uFE0F Named: ${t} (saves on first turn)`}function Eo(t){if(!t)return"\u{1F4E6} Conversation compacted (older messages summarized).";let e=t.tokensSavedEstimate!==v... L149: `)}return n.accessToken}function Hu(){if(process.platform==="darwin")try{return $u("security",["find-generic-passwo
Medium
Install Persistence

Source writes install-time persistence, such as shell-profile or service configuration.

dist/telegram.mjs · L1
dist/cli.mjs
1Trigger-reachable chain: manifest.bin -> dist/cli.mjs L1: #!/usr/bin/env node L2: var sB=Object.defineProperty;var I=(e,t)=>()=>(e&&(t=e(e=0)),t);var Ac=(e,t)=>{for(var n in t)sB(e,n,{get:t[n],enumerable:!0})};function _c(e){return ka.find(t=>t.name===e)}functio... L3: `)}}}catch{}}function zv(){ng(pB(),kt())}function Jv(){ng(mB(),Qf())}function Vv(){ng(fB(),xa())}function rg(){return Z(xe(),"repl-history.jsonl")}function hB(e){if(typeof e!="stri...
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/cli.mjs · L1

Findings

3 Critical, 4 High, 6 Medium, 4 Low
Critical — Same File Env Network Execution — dist/telegram.mjs
Critical — Command Output Exfiltration — dist/telegram.mjs
Critical — Trigger Reachable Dangerous Capability — dist/cli.mjs
High — Install Time Lifecycle Scripts — package.json
High — Child Process — dist/telegram.mjs
High — Shell — dist/telegram.mjs
High — Remote Agent Bridge — dist/telegram.mjs
Medium — Ambiguous Install Lifecycle Script — package.json
Medium — Dynamic Require — dist/telegram.mjs
Medium — Network
Medium — Environment Vars
Medium — Install Persistence — dist/telegram.mjs
Medium — Structural Risk Force Deep Review
Low — Scripts Present
Low — Filesystem
Low — High Entropy Strings
Low — Url Strings