registry  /  agentic-relay  /  5.0.2

agentic-relay@5.0.2

Install Agent Relay AI search across 17+ agents — Claude Code, Codex, Cursor, Gemini CLI, Goose, Windsurf, Cline, BoltAI, Claude Desktop, VS Code, Amazon Q, Roo Code, Witsy, LibreChat, OpenClaw, Tome, Raycast — plus the `agentrelay` CLI for live agent ses

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 13 file(s), 90.5 KB of source, external domains: attentionmarket-auth.vercel.app, peruwnbrqkvmrldhpoom.supabase.co, registry.npmjs.org

Source & flagged code

3 flagged · loading source
bin/lib/update-check.mjsView file
17import { join, dirname, sep } from "path"; L18: import { spawn } from "child_process"; L19: import { fileURLToPath } from "url";
High
Child Process

Package source references child process execution.

bin/lib/update-check.mjsView on unpkg · L17
11* vars are set, stderr isn't a TTY (don't pollute piped/scripted runs), or the L12: * CLI is running out of an ephemeral npx cache (npx users get @latest anyway). L13: */ ... L17: import { join, dirname, sep } from "path"; L18: import { spawn } from "child_process"; L19: import { fileURLToPath } from "url";
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/lib/update-check.mjsView on unpkg · L11
bin/lib/cache.mjsView file
31try { L32: return JSON.parse(readFileSync(path, "utf-8")); L33: } catch {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

bin/lib/cache.mjsView on unpkg · L31

Findings

3 High3 Medium5 Low
HighChild Processbin/lib/update-check.mjs
HighShell
HighRuntime Package Installbin/lib/update-check.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptobin/lib/cache.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings