registry  /  agent-yes  /  1.177.0

agent-yes@1.177.0

⚠ Under review

A wrapper tool that automates interactions with various AI CLI tools by automatically handling common prompts and responses.

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 18 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 169 file(s), 1.57 MB of source, external domains: 127.0.0.1, 192.168.1.5, agent-yes.com, ay.local, cdn.jsdelivr.net, example.com, github.com, raw.githubusercontent.com, registry.npmjs.org, rtc.live.cloudflare.com, rustup.rs, s.agent-yes.com, www.w3.org

Source & flagged code

10 flagged · loading source
dist/rustBinary-BPF24JLj.jsView file
1import { r as getInstalledPackage } from "./versionChecker-DlNr6KFg.js"; L2: import { execFileSync } from "child_process"; L3: import { existsSync, mkdirSync, unlinkSync } from "fs";
High
Child Process

Package source references child process execution.

dist/rustBinary-BPF24JLj.jsView on unpkg · L1
102await Bun.spawn([ L103: "powershell", L104: "-Command",
High
Shell

Package source references shell execution.

dist/rustBinary-BPF24JLj.jsView on unpkg · L102
dist/agent-yes.config-ugPYTPOd.jsView file
213const legacyConfigs = await Promise.all([ L214: import(path.resolve(os.homedir(), ".agent-yes/config.ts")).catch(() => ({ default: {} })).then((mod) => mod.default), L215: import(path.resolve(process.cwd(), "node_modules/.agent-yes/config.ts")).catch(() => ({ default: {} })).then((mod) => mod.default),
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/agent-yes.config-ugPYTPOd.jsView on unpkg · L213
dist/schedule-mhFoLlO_.jsView file
59stdin: "ignore", L60: stdout: capture ? "pipe" : "inherit", L61: stderr: capture ? "pipe" : "inherit" L62: }); L63: const out = capture ? await new Response(p.stdout).text() : ""; L64: return { ... L71: if (!oxmgrBin) { L72: process.stderr.write("ay schedule: oxmgr not found\n install with: cargo install oxmgr\n or: bun add -g oxmgr\n"); L73: return 1;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/schedule-mhFoLlO_.jsView on unpkg · L59
dist/ts-CObUr3JC.jsView file
676try { L677: execSync(`${cargoCmd} --version`, { stdio: "ignore" }); L678: } catch { L679: console.warn("Warning: Rust/Cargo not found. bun-pty native module may not work."); L680: console.warn("To fix this, install Rust: https://rustup.rs/"); L681: return; ... L684: const isWindows = platform === "win32"; L685: const tempBase = isWindows ? process.env.TEMP || "C:\\Temp" : "/tmp"; L686: if (!existsSync(join(rustPtyDir, "Cargo.toml"))) {
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/ts-CObUr3JC.jsView on unpkg · L676
dist/share-29YbzpbU.jsView file
matchType = previous_version_dangerous_delta matchedPackage = agent-yes@1.162.0 matchedIdentity = npm:YWdlbnQteWVz:1.162.0 similarity = 0.642 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/share-29YbzpbU.jsView on unpkg
21async function getIceServers() { L22: const keyId = process.env.CF_TURN_KEY_ID; L23: const apiToken = process.env.CF_TURN_API_TOKEN; ... L27: try { L28: const r = await fetch(`https://rtc.live.cloudflare.com/v1/turn/keys/${keyId}/credentials/generate-ice-servers`, { L29: method: "POST", ... L33: }, L34: body: JSON.stringify({ ttl }), L35: signal: AbortSignal.timeout(5e3) ... L37: if (!r.ok) throw new Error(`Cloudflare TURN ${r.status}`); L38: const j = await r.json(); L39: const servers = j.iceServers?.length ? j.iceServers : STUN;
High
Credential Exfiltration

Source combines credential-like environment material and outbound requests; review data flow before blocking.

dist/share-29YbzpbU.jsView on unpkg · L21
dist/serve-Jq_kF9Ik.jsView file
19Cross-file remote execution chain: dist/serve-Jq_kF9Ik.js spawns lab/ui/qrcode.js; helper contains network access plus dynamic code execution. L19: import path from "path"; L20: import { execFileSync } from "node:child_process"; L21: import { fileURLToPath } from "node:url"; ... L31: * predates `parseSource` (the canonical normalizer in the standard): L32: * https://github.com/o/r/tree/b · github.com/o/r/tree/b · o/r/tree/b L33: * o/r@branch · o/r (→ default branch main) ... L43: function agentYesHome() { L44: return process.env.AGENT_YES_HOME ?? path.join(homedir(), ".agent-yes"); L45: } ... L80: const maxLen = Math.max(provided.length, expectedToken.length); L81: return timingSafeEqual(Buffer.from(provided.padEnd(maxLen, "\0")), Buffer.from(expectedToken.padEnd(maxLen, "\0"))) && provided.length === expectedToken.length; L82: }
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/serve-Jq_kF9Ik.jsView on unpkg · L19
dist/versionChecker-DlNr6KFg.jsView file
111async function runInstall(latestVersion) { L112: const installCmd = detectPackageManager() === "bun" ? `bun add -g ${CANONICAL_PKG_NAME}@${latestVersion}` : `npm install -g ${CANONICAL_PKG_NAME}@${latestVersion}`; L113: process.stderr.write(`\x1b[33m[agent-yes] Updating ${getInstalledPackage().version} → ${latestVersion}…\x1b[0m\n`); L114: try { L115: const { execaCommand } = await import("execa"); L116: await execaCommand(installCmd, { stdio: "inherit" });
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/versionChecker-DlNr6KFg.jsView on unpkg · L111
examples/gcp.shView file
path = examples/gcp.sh kind = build_helper sizeBytes = 2338 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

examples/gcp.shView on unpkg

Findings

1 Critical6 High5 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/share-29YbzpbU.js
HighChild Processdist/rustBinary-BPF24JLj.js
HighShelldist/rustBinary-BPF24JLj.js
HighSame File Env Network Executiondist/ts-CObUr3JC.js
HighCredential Exfiltrationdist/share-29YbzpbU.js
HighCross File Remote Execution Contextdist/serve-Jq_kF9Ik.js
HighRuntime Package Installdist/versionChecker-DlNr6KFg.js
MediumDynamic Requiredist/agent-yes.config-ugPYTPOd.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperexamples/gcp.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/schedule-mhFoLlO_.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings