registry  /  agentic-mermaid  /  0.1.0

agentic-mermaid@0.1.0

⚠ Under review

Agentic Mermaid: render, verify, and safely edit Mermaid diagrams as ASCII, PNG, SVG, or structured agent workflows — with composable styles (hand-drawn, excalidraw, watercolor, or your own as JSON).

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 15 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 181 file(s), 7.74 MB of source, external domains: agentic-mermaid.dev, fonts.googleapis.com, github.com, llmstxt.org, www.w3.org

Source & flagged code

6 flagged · loading source
dist/am.jsView file
6920contains invisible/control Unicode U+FEFF (zero width no-break space) var FRONTMATTER_REGEX2 = /^<U+FEFF>?\s*---\s*\r?\n([\s\S]*?)\r?\n\s*---\s*(?:\r?\n|$)/;
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/am.jsView on unpkg · L6920
190import { readFileSync as readFileSync2, existsSync as existsSync3, writeFileSync as writeFileSync2, mkdtempSync, watch } from "fs"; L191: import { spawnSync } from "child_process"; L192: import { join as join3, resolve } from "path";
High
Child Process

Package source references child process execution.

dist/am.jsView on unpkg · L190
6Cross-file remote execution chain: dist/am.js spawns dist/index.js; helper contains network access plus dynamic code execution. L6: L7: // package.json L8: var require_package = __commonJS({ ... L47: type: "git", L48: url: "git+https://github.com/adewale/agentic-mermaid.git" L49: }, ... L190: import { readFileSync as readFileSync2, existsSync as existsSync3, writeFileSync as writeFileSync2, mkdtempSync, watch } from "fs"; L191: import { spawnSync } from "child_process"; L192: import { join as join3, resolve } from "path"; ... L202: text: processed.lines.join("\n"), L203: body: processed.body, L204: lines: processed.lines,
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/am.jsView on unpkg · L6
src/mcp/facade.tsView file
548// eslint-disable-next-line no-new-func L549: new Function(`return (\n${stripped}\n)`) L550: return [expressionWrapped]
Low
Eval

Package source references a known benign dynamic code generation pattern.

src/mcp/facade.tsView on unpkg · L548
src/mcp/sandbox.tsView file
131if (typeof encoded !== 'string') return [] L132: const value = JSON.parse(encoded) L133: return Array.isArray(value) ? value.filter(v => typeof v === 'string') : []
Medium
Unsafe Vm Context

Package source executes code through a VM context API.

src/mcp/sandbox.tsView on unpkg · L131
dist/agent.jsView file
Trigger-reachable chain: manifest.exports -> dist/agent.js Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/agent.jsView on unpkg

Findings

2 Critical3 High4 Medium6 Low
CriticalTrojan Source Unicodedist/am.js
CriticalTrigger Reachable Dangerous Capabilitydist/agent.js
HighChild Processdist/am.js
HighShell
HighCross File Remote Execution Contextdist/am.js
MediumUnsafe Vm Contextsrc/mcp/sandbox.ts
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalsrc/mcp/facade.ts
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings