
agent-afk@5.18.0

⚠ Under review

Open-source coding-agent harness you can actually change — own the loop (prompts, gates, routing, skills, terminal states), use any model, run long tasks while you're away.

Static Scan Results

scanned 10h ago · by rust-scanner

Static analysis flagged 17 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
A high-risk combination of behaviors matched the malicious-package policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcess · DynamicRequire · EnvironmentVars · Filesystem · Network · Shell
Supply chain
HighEntropyStrings · Minified · UrlStrings
Manifest: no manifest risk signals triggered.
scanned 5 file(s), 2.53 MB of source, external domains: 127.0.0.1, api.exa.ai, api.openai.com, api.telegram.org, chatgpt.com, console.anthropic.com, exa.ai, github.com, no-color.org, platform.claude.com, registry.npmjs.org, www.apple.com

Source & flagged code

10 flagged
package.json
scripts.postinstall = node dist/postinstall.mjs || node scripts/postinstall.mjs || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node dist/postinstall.mjs || node scripts/postinstall.mjs || true
Medium
Ambiguous Install Lifecycle Script

The install-time lifecycle script is not statically allowlisted and needs review. Note that the trailing `|| true` in the postinstall chain masks a non-zero exit from either script, so a failed or altered run is not visible in the install log.

package.json
dist/telegram.mjs
1#!/usr/bin/env node L2: var cv=Object.defineProperty;var y=(t,e)=>()=>(t&&(e=t(t=0)),e);var qi=(t,e)=>{for(var n in e)cv(t,n,{get:e[n],enumerable:!0})};function Xr(t){return Yr.find(e=>e.name===t)}functio... L3: `)}}}catch{}}function zd(){yv(hv(),fe())}function Xi(t){if(typeof t!="string"||t.length===0)throw new Error("Invalid browser profile: must be a non-empty string");if(t.length>Id)th...
Critical
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution, with blocking evidence.

dist/telegram.mjs · L1
1#!/usr/bin/env node L2: var cv=Object.defineProperty;var y=(t,e)=>()=>(t&&(e=t(t=0)),e);var qi=(t,e)=>{for(var n in e)cv(t,n,{get:e[n],enumerable:!0})};function Xr(t){return Yr.find(e=>e.name===t)}functio... L3: `)}}}catch{}}function zd(){yv(hv(),fe())}function Xi(t){if(typeof t!="string"||t.length===0)throw new Error("Invalid browser profile: must be a non-empty string");if(t.length>Id)th...
Critical
Command Output Exfiltration

Source executes local commands and sends command output to an external endpoint. The excerpt at L149 reads a macOS Keychain item via `security find-generic-password -s "Claude Code-credentials" ... -w` and returns an `accessToken`, so the command output in question appears to be a credential rather than ordinary program output; reviewers should confirm which external endpoint receives that value.

dist/telegram.mjs · L1
147Resume from CLI: L148: ${e}`:`\u{1F3F7}\uFE0F Named: ${t} (saves on first turn)`}function Ao(t){if(!t)return"\u{1F4E6} Conversation compacted (older messages summarized).";let e=t.tokensSavedEstimate!==v... L149: `)}return n.accessToken}function Ku(){if(process.platform==="darwin")try{return Uu("security",["find-generic-password","-s","Claude Code-credentials","-a",ju().username,"-w"],{stdi...
High
Child Process

Package source references child process execution.

dist/telegram.mjs · L147
1#!/usr/bin/env node L2: var cv=Object.defineProperty;var y=(t,e)=>()=>(t&&(e=t(t=0)),e);var qi=(t,e)=>{for(var n in e)cv(t,n,{get:e[n],enumerable:!0})};function Xr(t){return Yr.find(e=>e.name===t)}functio... L3: `)}}}catch{}}function zd(){yv(hv(),fe())}function Xi(t){if(typeof t!="string"||t.length===0)throw new Error("Invalid browser profile: must be a non-empty string");if(t.length>Id)th...
High
Shell

Package source references shell execution.

dist/telegram.mjs · L1
147Resume from CLI: L148: ${e}`:`\u{1F3F7}\uFE0F Named: ${t} (saves on first turn)`}function Ao(t){if(!t)return"\u{1F4E6} Conversation compacted (older messages summarized).";let e=t.tokensSavedEstimate!==v... L149: `)}return n.accessToken}function Ku(){if(process.platform==="darwin")try{return Uu("security",["find-generic-password","-s","Claude Code-credentials","-a",ju().username,"-w"],{stdi... ... L1043: `).filter(c=>c.trim().length>0);o=a.length>0,s=a.length}r===null&&(o=null,s=null);let i=ns(t,["remote","get-url","origin"]);return{branch:n,headSha:e,dirty:o,dirtyCount:s,remoteUrl... L1044: `)}catch{}}get toolDefs(){let e=this.permissions?.allowedTools;if(!e)return this.schemas;let n=new Set(e);return this.schemas.filter(r=>n.has(r.name))}checkReadOnlyBash(e){if(!this... L1045: [output truncated \u2014 exceeded 100KB]`,u({content:R,truncated:!0,...A!==void 0?{testResult:A}:{}})}p.stdout.on("data",_=>{let R=w-b,A=_.length<=R?_:_.subarray(0,Math.max(0,R));b... ... L1059: L1060: `).trim()}function HA(t){return(t?.textContent??"").replace(/\s+/g," ").trim().length}function Of(t,e){let r=new UA(t,{url:e}).window.document,o=(r.title??"").trim(),s=null;try{let... L1061:
High
Remote Agent Bridge

Source exposes local file and command tools to a remote model endpoint.

dist/telegram.mjs · L147
1277L1278: `+o}async function _l(t,e){let n=t.map(c=>({hypothesis:c,decision:dy(c)})).filter(c=>c.decision.verify);if(n.length===0)return{premise_verifications:[],hypotheses_to_test:t};let r=... L1279:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/telegram.mjs · L1277
1#!/usr/bin/env node L2: var cv=Object.defineProperty;var y=(t,e)=>()=>(t&&(e=t(t=0)),e);var qi=(t,e)=>{for(var n in e)cv(t,n,{get:e[n],enumerable:!0})};function Xr(t){return Yr.find(e=>e.name===t)}functio... L3: `)}}}catch{}}function zd(){yv(hv(),fe())}function Xi(t){if(typeof t!="string"||t.length===0)throw new Error("Invalid browser profile: must be a non-empty string");if(t.length>Id)th... ... L109: `);Yd(i,a+n,"utf-8")}loadProcedure(e){let n=tu(e),r=co(Ae(this.dir,lo)),o=co(r,`${n}.md`);if(nu(o,r),!Hn(o))return null;try{return ru(o,ao(o,"utf-8"))}catch{return null}}searchProc... L110: `);for(let s of o)if(s.trim())try{let i=JSON.parse(s);if(!Bv(i)){B("WAL replay: skipping invalid entry:",s.slice(0,200));continue}let a=i;if(a.type==="session_start"){let c=a.data;... L111: INSERT OR IGNORE INTO sessions (session_id, surface, started_at, actor) ... L147: Resume from CLI: L148: ${e}`:`\u{1F3F7}\uFE0F Named: ${t} (saves on first turn)`}function Ao(t){if(!t)return"\u{1F4E6} Conversation compacted (older messages summarized).";let e=t.tokensSavedEstimate!==v... L149: `)}return n.accessToken}function Ku(){if(process.platform==="darwin")try{return Uu("security",["find-generic-passwo
Medium
Install Persistence

Source writes installer persistence, such as a shell profile or service configuration.

dist/telegram.mjs · L1
dist/cli.mjs
1Trigger-reachable chain: manifest.bin -> dist/cli.mjs L1: #!/usr/bin/env node L2: var oB=Object.defineProperty;var _=(e,t)=>()=>(e&&(t=e(e=0)),t);var Pc=(e,t)=>{for(var n in t)oB(e,n,{get:t[n],enumerable:!0})};function Mc(e){return Ta.find(t=>t.name===e)}functio... L3: `)}}}catch{}}function qv(){rg(dB(),kt())}function zv(){rg(pB(),eg())}function Jv(){rg(mB(),Ca())}function og(){return Z(xe(),"repl-history.jsonl")}function gB(e){if(typeof e!="stri...
Critical
Trigger Reachable Dangerous Capability

A package entry point or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/cli.mjs · L1

Findings

3 Critical · 4 High · 6 Medium · 4 Low
Critical · Same File Env Network Execution · dist/telegram.mjs
Critical · Command Output Exfiltration · dist/telegram.mjs
Critical · Trigger Reachable Dangerous Capability · dist/cli.mjs
High · Install Time Lifecycle Scripts · package.json
High · Child Process · dist/telegram.mjs
High · Shell · dist/telegram.mjs
High · Remote Agent Bridge · dist/telegram.mjs
Medium · Ambiguous Install Lifecycle Script · package.json
Medium · Dynamic Require · dist/telegram.mjs
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · dist/telegram.mjs
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings