agent-relay-server@0.120.3

Lightweight HTTP message relay for inter-agent communication across machines

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 17 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem, NativeBindings, Network, Shell, WebSocket
Supply chain: HighEntropyStrings, Minified, Obfuscated, Protestware, Telemetry, UrlStrings
Manifest: CopyleftLicense, WildcardDependency
scanned 559 file(s), 11.0 MB of source, external domains: 127.0.0.1, api.github.com, cdn.jsdelivr.net, chatgpt.com, github.com, petstore3.swagger.io, radix-ui.com, react.dev, www.apple.com, www.w3.org

Source & flagged code

5 flagged
package.json
scripts.postinstall = node scripts/install-bin-shim.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

runner/plugins/claude/claude-statusline-probe.cjs
L3:
L4: const { mkdirSync, renameSync, writeFileSync } = require("node:fs");
L5: const { tmpdir } = require("node:os");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

runner/plugins/claude/claude-statusline-probe.cjs · L3
src/steward.ts
L1: import { createHash } from "node:crypto";
L2: import { basename, resolve } from "node:path";
Low
Weak Crypto

Package source references weak cryptographic algorithms.

src/steward.ts · L1
runner/plugins/claude/hooks/user-prompt-submit.sh
path = [redacted]-prompt-submit.sh kind = build_helper sizeBytes = 677 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

public/assets/geist-latin-ext-wght-normal-DMtmJ5ZE.woff2
path = public/assets/geist-latin-ext-wght-normal-DMtmJ5ZE.woff2 kind = high_entropy_blob sizeBytes = 15308 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.


Findings

2 High · 7 Medium · 8 Low
High · Install Time Lifecycle Scripts · package.json
High · Ships High Entropy Blob · public/assets/geist-latin-ext-wght-normal-DMtmJ5ZE.woff2
Medium · Dynamic Require · runner/plugins/claude/claude-statusline-probe.cjs
Medium · Network
Medium · Environment Vars
Medium · Protestware
Medium · Ships Build Helper · runner/plugins/claude/hooks/user-prompt-submit.sh
Medium · Structural Risk Force Deep Review
Medium · Wildcard Dependency
Low · Scripts Present
Low · Weak Crypto · src/steward.ts
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Telemetry
Low · Url Strings
Low · Copyleft License