agentic-kdd@3.8.2

Autonomous development pipeline — aa: · ag: · audit: · AST graph · Harness · Specs · Impact analysis · Decision trail · Metrics · MCP server. Works with Cursor and Claude Code.

Static Scan Results

scanned 4d ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, DynamicRequire, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 11 file(s), 404 KB of source, external domains: cdnjs.cloudflare.com, github.com, visualstudio.microsoft.com

Source & flagged code

4 flagged
bin/akdd.js
L13: const fs = require('fs');
L14: const { execSync } = require('child_process');
L15:
High
Child Process

Package source references child process execution.

bin/akdd.js · L13
L3:
L4: const { init } = require('../src/init');
L5: const { update } = require('../src/update');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/akdd.js · L3
src/init.js
L216: try {
L217: require('child_process').execSync('npm install better-sqlite3 --save', {
L218: stdio: 'pipe', cwd: projectPath
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/init.js · L216
install.sh
path = install.sh kind = build_helper sizeBytes = 2899 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

install.sh

Findings

3 High · 5 Medium · 5 Low
High · Child Process · bin/akdd.js
High · Shell
High · Runtime Package Install · src/init.js
Medium · Dynamic Require · bin/akdd.js
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · install.sh
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings