
agent-afk@5.15.9

⚠ Under review

Open-source coding-agent harness you can actually change — own the loop (prompts, gates, routing, skills, terminal states), use any model, run long tasks while you're away.

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 17 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
Child Process, Dynamic Require, Environment Vars, Filesystem, Network, Shell
Supply chain
High Entropy Strings, Minified, Url Strings
Manifest: No manifest risk signals triggered.
scanned 5 file(s), 2.52 MB of source, external domains: 127.0.0.1, api.exa.ai, api.openai.com, api.telegram.org, chatgpt.com, console.anthropic.com, exa.ai, github.com, no-color.org, platform.claude.com, registry.npmjs.org, www.apple.com

Source & flagged code

10 flagged
package.json
scripts.postinstall = node dist/postinstall.mjs || node scripts/postinstall.mjs || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node dist/postinstall.mjs || node scripts/postinstall.mjs || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.json
dist/telegram.mjs
1#!/usr/bin/env node L2: var av=Object.defineProperty;var y=(t,e)=>()=>(t&&(e=t(t=0)),e);var Ki=(t,e)=>{for(var n in e)av(t,n,{get:e[n],enumerable:!0})};function Yr(t){return Jr.find(e=>e.name===t)}functio... L3: `)}}}catch{}}function Gd(){hv(gv(),fe())}function Vi(t){if(typeof t!="string"||t.length===0)throw new Error("Invalid browser profile: must be a non-empty string");if(t.length>Rd)th...
Critical
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution with blocking evidence.

dist/telegram.mjs · L1
1#!/usr/bin/env node L2: var av=Object.defineProperty;var y=(t,e)=>()=>(t&&(e=t(t=0)),e);var Ki=(t,e)=>{for(var n in e)av(t,n,{get:e[n],enumerable:!0})};function Yr(t){return Jr.find(e=>e.name===t)}functio... L3: `)}}}catch{}}function Gd(){hv(gv(),fe())}function Vi(t){if(typeof t!="string"||t.length===0)throw new Error("Invalid browser profile: must be a non-empty string");if(t.length>Rd)th...
Critical
Command Output Exfiltration

Source executes local commands and sends command output to an external endpoint.

dist/telegram.mjs · L1
147Resume from CLI: L148: ${e}`:`\u{1F3F7}\uFE0F Named: ${t} (saves on first turn)`}function Eo(t){if(!t)return"\u{1F4E6} Conversation compacted (older messages summarized).";let e=t.tokensSavedEstimate!==v... L149: `)}return n.accessToken}function ju(){if(process.platform==="darwin")try{return Nu("security",["find-generic-password","-s","Claude Code-credentials","-a",Uu().username,"-w"],{stdi...
High
Child Process

Package source references child process execution.

dist/telegram.mjs · L147
1#!/usr/bin/env node L2: var av=Object.defineProperty;var y=(t,e)=>()=>(t&&(e=t(t=0)),e);var Ki=(t,e)=>{for(var n in e)av(t,n,{get:e[n],enumerable:!0})};function Yr(t){return Jr.find(e=>e.name===t)}functio... L3: `)}}}catch{}}function Gd(){hv(gv(),fe())}function Vi(t){if(typeof t!="string"||t.length===0)throw new Error("Invalid browser profile: must be a non-empty string");if(t.length>Rd)th...
High
Shell

Package source references shell execution.

dist/telegram.mjs · L1
147Resume from CLI: L148: ${e}`:`\u{1F3F7}\uFE0F Named: ${t} (saves on first turn)`}function Eo(t){if(!t)return"\u{1F4E6} Conversation compacted (older messages summarized).";let e=t.tokensSavedEstimate!==v... L149: `)}return n.accessToken}function ju(){if(process.platform==="darwin")try{return Nu("security",["find-generic-password","-s","Claude Code-credentials","-a",Uu().username,"-w"],{stdi... ... L1039: `).filter(c=>c.trim().length>0);o=a.length>0,s=a.length}r===null&&(o=null,s=null);let i=ts(t,["remote","get-url","origin"]);return{branch:n,headSha:e,dirty:o,dirtyCount:s,remoteUrl... L1040: `)}catch{}}get toolDefs(){let e=this.permissions?.allowedTools;if(!e)return this.schemas;let n=new Set(e);return this.schemas.filter(r=>n.has(r.name))}checkReadOnlyBash(e){if(!this... L1041: [output truncated \u2014 exceeded 100KB]`,u({content:A,truncated:!0,...T!==void 0?{testResult:T}:{}})}p.stdout.on("data",E=>{let A=w-b,T=E.length<=A?E:E.subarray(0,Math.max(0,A));b... ... L1055: L1056: `).trim()}function UA(t){return(t?.textContent??"").replace(/\s+/g," ").trim().length}function Cf(t,e){let r=new LA(t,{url:e}).window.document,o=(r.title??"").trim(),s=null;try{let... L1057:
High
Remote Agent Bridge

Source exposes local file and command tools to a remote model endpoint.

dist/telegram.mjs · L147
1213L1214: `+o}async function wl(t,e){let n=t.map(c=>({hypothesis:c,decision:ay(c)})).filter(c=>c.decision.verify);if(n.length===0)return{premise_verifications:[],hypotheses_to_test:t};let r=... L1215:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/telegram.mjs · L1213
1#!/usr/bin/env node L2: var av=Object.defineProperty;var y=(t,e)=>()=>(t&&(e=t(t=0)),e);var Ki=(t,e)=>{for(var n in e)av(t,n,{get:e[n],enumerable:!0})};function Yr(t){return Jr.find(e=>e.name===t)}functio... L3: `)}}}catch{}}function Gd(){hv(gv(),fe())}function Vi(t){if(typeof t!="string"||t.length===0)throw new Error("Invalid browser profile: must be a non-empty string");if(t.length>Rd)th... ... L109: `);Vd(i,a+n,"utf-8")}loadProcedure(e){let n=Zd(e),r=ao(Ee(this.dir,co)),o=ao(r,`${n}.md`);if(eu(o,r),!jn(o))return null;try{return tu(o,io(o,"utf-8"))}catch{return null}}searchProc... L110: `);for(let s of o)if(s.trim())try{let i=JSON.parse(s);if(!Uv(i)){B("WAL replay: skipping invalid entry:",s.slice(0,200));continue}let a=i;if(a.type==="session_start"){let c=a.data;... L111: INSERT OR IGNORE INTO sessions (session_id, surface, started_at, actor) ... L147: Resume from CLI: L148: ${e}`:`\u{1F3F7}\uFE0F Named: ${t} (saves on first turn)`}function Eo(t){if(!t)return"\u{1F4E6} Conversation compacted (older messages summarized).";let e=t.tokensSavedEstimate!==v... L149: `)}return n.accessToken}function ju(){if(process.platform==="darwin")try{return Nu("security",["find-generic-passwo
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/telegram.mjs · L1
dist/cli.mjs
1Trigger-reachable chain: manifest.bin -> dist/cli.mjs L1: #!/usr/bin/env node L2: var rB=Object.defineProperty;var _=(e,t)=>()=>(e&&(t=e(e=0)),t);var Ac=(e,t)=>{for(var n in t)rB(e,n,{get:t[n],enumerable:!0})};function _c(e){return ka.find(t=>t.name===e)}functio... L3: `)}}}catch{}}function Kv(){Qf(uB(),St())}function Gv(){Qf(dB(),Yf())}function qv(){Qf(pB(),xa())}function eg(){return Z(xe(),"repl-history.jsonl")}function fB(e){if(typeof e!="stri...
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/cli.mjs · L1

Findings

3 Critical, 4 High, 6 Medium, 4 Low
Critical — Same File Env Network Execution — dist/telegram.mjs
Critical — Command Output Exfiltration — dist/telegram.mjs
Critical — Trigger Reachable Dangerous Capability — dist/cli.mjs
High — Install Time Lifecycle Scripts — package.json
High — Child Process — dist/telegram.mjs
High — Shell — dist/telegram.mjs
High — Remote Agent Bridge — dist/telegram.mjs
Medium — Ambiguous Install Lifecycle Script — package.json
Medium — Dynamic Require — dist/telegram.mjs
Medium — Network
Medium — Environment Vars
Medium — Install Persistence — dist/telegram.mjs
Medium — Structural Risk Force Deep Review
Low — Scripts Present
Low — Filesystem
Low — High Entropy Strings
Low — Url Strings