
agent-afk@5.15.2

⚠ Under review

Open-source coding-agent harness you can actually change — own the loop (prompts, gates, routing, skills, terminal states), use any model, run long tasks while you're away.

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis flagged 17 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
Child Process, Dynamic Require, Environment Vars, Filesystem, Network, Shell
Supply chain
High Entropy Strings, Minified, Url Strings
Manifest: No manifest risk signals triggered.
scanned 5 file(s), 2.51 MB of source, external domains: 127.0.0.1, api.exa.ai, api.openai.com, api.telegram.org, chatgpt.com, console.anthropic.com, exa.ai, github.com, no-color.org, platform.claude.com, registry.npmjs.org, www.apple.com

Source & flagged code

10 flagged
package.json
scripts.postinstall = node dist/postinstall.mjs || node scripts/postinstall.mjs || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node dist/postinstall.mjs || node scripts/postinstall.mjs || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.json
dist/telegram.mjs
1#!/usr/bin/env node L2: var QS=Object.defineProperty;var y=(t,e)=>()=>(t&&(e=t(t=0)),e);var Ni=(t,e)=>{for(var n in e)QS(t,n,{get:e[n],enumerable:!0})};function Wr(t){return Kr.find(e=>e.name===t)}functio... L3: `)}}}catch{}}function Nd(){av(iv(),pe())}function Hi(t){if(typeof t!="string"||t.length===0)throw new Error("Invalid browser profile: must be a non-empty string");if(t.length>Sd)th...
Critical
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution with blocking evidence.

dist/telegram.mjs · L1
1#!/usr/bin/env node L2: var QS=Object.defineProperty;var y=(t,e)=>()=>(t&&(e=t(t=0)),e);var Ni=(t,e)=>{for(var n in e)QS(t,n,{get:e[n],enumerable:!0})};function Wr(t){return Kr.find(e=>e.name===t)}functio... L3: `)}}}catch{}}function Nd(){av(iv(),pe())}function Hi(t){if(typeof t!="string"||t.length===0)throw new Error("Invalid browser profile: must be a non-empty string");if(t.length>Sd)th...
Critical
Command Output Exfiltration

Source executes local commands and sends command output to an external endpoint.

dist/telegram.mjs · L1
147Resume from CLI: L148: ${e}`:`\u{1F3F7}\uFE0F Named: ${t} (saves on first turn)`}function bo(t){if(!t)return"\u{1F4E6} Conversation compacted (older messages summarized).";let e=t.tokensSavedEstimate!==v... L149: `)}return n.accessToken}function Ou(){if(process.platform==="darwin")try{return Pu("security",["find-generic-password","-s","Claude Code-credentials","-a",Cu().username,"-w"],{stdi...
High
Child Process

Package source references child process execution.

dist/telegram.mjs · L147
1#!/usr/bin/env node L2: var QS=Object.defineProperty;var y=(t,e)=>()=>(t&&(e=t(t=0)),e);var Ni=(t,e)=>{for(var n in e)QS(t,n,{get:e[n],enumerable:!0})};function Wr(t){return Kr.find(e=>e.name===t)}functio... L3: `)}}}catch{}}function Nd(){av(iv(),pe())}function Hi(t){if(typeof t!="string"||t.length===0)throw new Error("Invalid browser profile: must be a non-empty string");if(t.length>Sd)th...
High
Shell

Package source references shell execution.

dist/telegram.mjs · L1
147Resume from CLI: L148: ${e}`:`\u{1F3F7}\uFE0F Named: ${t} (saves on first turn)`}function bo(t){if(!t)return"\u{1F4E6} Conversation compacted (older messages summarized).";let e=t.tokensSavedEstimate!==v... L149: `)}return n.accessToken}function Ou(){if(process.platform==="darwin")try{return Pu("security",["find-generic-password","-s","Claude Code-credentials","-a",Cu().username,"-w"],{stdi... ... L1039: `).filter(c=>c.trim().length>0);o=a.length>0,s=a.length}r===null&&(o=null,s=null);let i=Yo(t,["remote","get-url","origin"]);return{branch:n,headSha:e,dirty:o,dirtyCount:s,remoteUrl... L1040: `)}catch{}}get toolDefs(){let e=this.permissions?.allowedTools;if(!e)return this.schemas;let n=new Set(e);return this.schemas.filter(r=>n.has(r.name))}checkReadOnlyBash(e){if(!this... L1041: [output truncated \u2014 exceeded 100KB]`,u({content:x,truncated:!0,...A!==void 0?{testResult:A}:{}})}p.stdout.on("data",E=>{let x=S-b,A=E.length<=x?E:E.subarray(0,Math.max(0,x));b... ... L1055: L1056: `).trim()}function IA(t){return(t?.textContent??"").replace(/\s+/g," ").trim().length}function kf(t,e){let r=new xA(t,{url:e}).window.document,o=(r.title??"").trim(),s=null;try{let... L1057:
High
Remote Agent Bridge

Source exposes local file and command tools to a remote model endpoint.

dist/telegram.mjs · L147
1208L1209: `+o}async function pl(t,e){let n=t.map(c=>({hypothesis:c,decision:Yh(c)})).filter(c=>c.decision.verify);if(n.length===0)return{premise_verifications:[],hypotheses_to_test:t};let r=... L1210:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/telegram.mjs · L1208
1#!/usr/bin/env node L2: var QS=Object.defineProperty;var y=(t,e)=>()=>(t&&(e=t(t=0)),e);var Ni=(t,e)=>{for(var n in e)QS(t,n,{get:e[n],enumerable:!0})};function Wr(t){return Kr.find(e=>e.name===t)}functio... L3: `)}}}catch{}}function Nd(){av(iv(),pe())}function Hi(t){if(typeof t!="string"||t.length===0)throw new Error("Invalid browser profile: must be a non-empty string");if(t.length>Sd)th... ... L109: `);Bd(i,a+n,"utf-8")}loadProcedure(e){let n=Gd(e),r=to(Se(this.dir,no)),o=to(r,`${n}.md`);if(qd(o,r),!$n(o))return null;try{return zd(o,eo(o,"utf-8"))}catch{return null}}searchProc... L110: `);for(let s of o)if(s.trim())try{let i=JSON.parse(s);if(!Iv(i)){U("WAL replay: skipping invalid entry:",s.slice(0,200));continue}let a=i;if(a.type==="session_start"){let c=a.data;... L111: INSERT OR IGNORE INTO sessions (session_id, surface, started_at, actor) ... L147: Resume from CLI: L148: ${e}`:`\u{1F3F7}\uFE0F Named: ${t} (saves on first turn)`}function bo(t){if(!t)return"\u{1F4E6} Conversation compacted (older messages summarized).";let e=t.tokensSavedEstimate!==v... L149: `)}return n.accessToken}function Ou(){if(process.platform==="darwin")try{return Pu("security",["find-generic-passwo
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/telegram.mjs · L1
dist/cli.mjs
1Trigger-reachable chain: manifest.bin -> dist/cli.mjs L1: #!/usr/bin/env node L2: var YN=Object.defineProperty;var P=(e,t)=>()=>(e&&(t=e(e=0)),t);var xc=(e,t)=>{for(var n in t)YN(e,n,{get:t[n],enumerable:!0})};function Rc(e){return Sa.find(t=>t.name===e)}functio... L3: `)}}}catch{}}function Lv(){Jf(rB(),wt())}function Nv(){Jf(oB(),Gf())}function Bv(){Jf(sB(),Ea())}function Vf(){return Q(Te(),"repl-history.jsonl")}function aB(e){if(typeof e!="stri...
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/cli.mjs · L1

Findings

3 Critical · 4 High · 6 Medium · 4 Low
Critical — Same File Env Network Execution — dist/telegram.mjs
Critical — Command Output Exfiltration — dist/telegram.mjs
Critical — Trigger Reachable Dangerous Capability — dist/cli.mjs
High — Install Time Lifecycle Scripts — package.json
High — Child Process — dist/telegram.mjs
High — Shell — dist/telegram.mjs
High — Remote Agent Bridge — dist/telegram.mjs
Medium — Ambiguous Install Lifecycle Script — package.json
Medium — Dynamic Require — dist/telegram.mjs
Medium — Network
Medium — Environment Vars
Medium — Install Persistence — dist/telegram.mjs
Medium — Structural Risk Force Deep Review
Low — Scripts Present
Low — Filesystem
Low — High Entropy Strings
Low — Url Strings