registry  /  agentcalendar  /  0.3.1

agentcalendar@0.3.1

⚠ Under review

A calendar for your AI coding agents. Local-first: reads Claude Code / Codex session logs, shows them as a week calendar with vendor-confirmed rate-limit windows and resets, queues jobs that fire at the next reset, and exposes everything as a local API (R

Static Scan Results

scanned 5h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 108 KB of source, external domains: 127.0.0.1, api.anthropic.com, github.com, www.apple.com

Source & flagged code

5 flagged · loading source
bin/agentcal.jsView file
1#!/usr/bin/env node L2: import { spawn } from 'node:child_process' L3: import { loadConfig } from '../src/config.js'
High
Child Process

Package source references child process execution.

bin/agentcal.jsView on unpkg · L1
src/daemon.jsView file
1import { writeFileSync, existsSync, rmSync, mkdirSync } from 'node:fs' L2: import { execFile } from 'node:child_process' L3: import { join, resolve, dirname } from 'node:path' ... L12: const LABEL = 'dev.agentcalendar' L13: const PLIST = join(homedir(), 'Library', 'LaunchAgents', `${LABEL}.plist`) L14: const ENTRY = resolve(dirname(fileURLToPath(import.meta.url)), '..', 'bin', 'agentcal.js') ... L17: return { L18: supported: process.platform === 'darwin', L19: installed: existsSync(PLIST), ... L45: // load now; ignore "already loaded" noise L46: execFile('launchctl', ['load', '-w', PLIST], () => {}) L47: return { installed: true, plist: PLIST }
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

src/daemon.jsView on unpkg · L1
src/schedules.jsView file
matchType = previous_version_dangerous_delta matchedPackage = agentcalendar@0.2.0 matchedIdentity = npm:YWdlbnRjYWxlbmRhcg:0.2.0 similarity = 0.800 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/schedules.jsView on unpkg
222if (s.action_type === 'command') { L223: execFile('/bin/zsh', ['-lc', s.action_value], { timeout: 15 * 60_000 }, (err, stdout, stderr) => { L224: if (err) finish(s, 'error', `${err.message}\n${stderr}`.trim()) ... L227: } else if (s.action_type === 'webhook') { L228: fetch(s.action_value, { L229: method: 'POST', L230: headers: { 'content-type': 'application/json' }, L231: body: JSON.stringify({ type: 'schedule.trigger', schedule: { id: s.id, name: s.name }, ts: Date.now() }), L232: signal: AbortSignal.timeout(15_000),
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

src/schedules.jsView on unpkg · L222
src/limits.jsView file
2import { join } from 'node:path' L3: import { execFileSync } from 'node:child_process' L4: ... L22: provider: snap.provider, account: snap.account, L23: data: { kind: snap.kind, usedPercent: snap.usedPercent, resetsAt: snap.resetsAt, plan: snap.plan ?? null }, L24: }) ... L59: try { L60: const raw = JSON.parse(readFileSync(join(root, '.credentials.json'), 'utf8')) L61: const t = freshToken(raw.claudeAiOauth) ... L65: // Read-only via the security CLI (one-time "Always Allow"), like ClaudeBar. L66: if (process.platform === 'darwin') { L67: try {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

src/limits.jsView on unpkg · L2

Findings

1 Critical4 High4 Medium4 Low
CriticalPrevious Version Dangerous Deltasrc/schedules.js
HighChild Processbin/agentcal.js
HighShell
HighCommand Output Exfiltrationsrc/schedules.js
HighSandbox Evasion Gated Capabilitysrc/limits.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencesrc/daemon.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings