registry  /  alvin-bot  /  5.63.0

alvin-bot@5.63.0

Open-source, self-hosted autonomous AI agent on Telegram, Slack, Discord, WhatsApp, Signal, terminal & web. Claude Agent SDK + multi-provider engine with auto-failover, detached sub-agents, zero-config memory. Local-first, telemetry-free.

Static Scan Results

scanned 11d ago · by rust-scanner

Static analysis flagged 24 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 213 file(s), 2.92 MB of source, external domains: 127.0.0.1, aistudio.google.com, api.anthropic.com, api.coingecko.com, api.example.com, api.frankfurter.app, api.github.com, api.groq.com, api.openai.com, api.slack.com, api.telegram.org, brew.sh, build.nvidia.com, cdn.jsdelivr.net, chat.openai.com, claude.ai, console.anthropic.com, console.groq.com, discord.com, docs.anthropic.com, generativelanguage.googleapis.com, integrate.api.nvidia.com, nodejs.org, ollama.com, openrouter.ai, platform.openai.com, query2.finance.yahoo.com, slack.com, t.me, wacli.sh, wttr.in, www.apple.com

Source & flagged code

13 flagged · loading source
claude-bridge/src/claude.jsView file
2L3: const { spawn } = require('child_process'); L4: const crypto = require('crypto');
High
Child Process

Package source references child process execution.

claude-bridge/src/claude.jsView on unpkg · L2
2L3: const { spawn } = require('child_process'); L4: const crypto = require('crypto');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

claude-bridge/src/claude.jsView on unpkg · L2
2L3: const { spawn } = require('child_process'); L4: const crypto = require('crypto'); L5: L6: const CLAUDE_BIN = process.env.CLAUDE_BIN || 'claude'; L7: ... L105: const SCRUB_WHITELIST = new Set([ L106: 'API_KEY', 'API_KEYS', 'API_URL', 'BASE_URL', 'BASE64', L107: 'HTTP_GET', 'HTTP_POST', 'HTTP_PUT', 'HTTP_DELETE', 'HTTP_PATCH', ... L293: L294: // Idle timeout: reset on every stdout activity. L295: // Claude is alive as long as it produces output (tool calls, results, etc.)
Low
Weak Crypto

Package source references weak cryptographic algorithms.

claude-bridge/src/claude.jsView on unpkg · L2
bin/cli.jsView file
22Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: environment+network, sensitive-file+network, execution+network L22: import { homedir } from "os"; L23: import { execSync } from "child_process"; L24: import { initI18n, t, getLocale } from "../dist/i18n.js"; ... L28: // Data directory — same logic as src/paths.ts L29: const DATA_DIR = process.env.ALVIN_DATA_DIR || join(homedir(), ".alvin-bot"); L30: ... L42: const ensureRL = () => { L43: if (!rl) rl = createInterface({ input: process.stdin, output: process.stdout }); L44: return rl; ... L83: try { L84: return JSON.parse(readFileSync(resolve(import.meta.dirname || ".", "../package.json"), "utf-8")).version; L85: } catch { return ""; }
High
Entrypoint Build Divergence

Manifest entrypoint contains risky behavior absent from dist/build output.

bin/cli.jsView on unpkg · L22
1312console.log(`\n The Claude Agent SDK needs the native Claude Code binary.`); L1313: console.log(` Install with:\n curl -fsSL https://claude.ai/install.sh | sh`); L1314: console.log(` (npm install @anthropic-ai/claude-code is the alternative path.)\n`); ... L1320: try { L1321: execSync("curl -fsSL https://claude.ai/install.sh | sh", { stdio: "inherit", timeout: 120_000 }); L1322: const localBin = join(homedir(), ".local", "bin"); L1323: if (!process.env.PATH.includes(localBin)) { L1324: process.env.PATH = `${localBin}:${process.env.PATH || ""}`;
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

bin/cli.jsView on unpkg · L1312
22import { homedir } from "os"; L23: import { execSync } from "child_process"; L24: import { initI18n, t, getLocale } from "../dist/i18n.js"; ... L28: // Data directory — same logic as src/paths.ts L29: const DATA_DIR = process.env.ALVIN_DATA_DIR || join(homedir(), ".alvin-bot"); L30: ... L42: const ensureRL = () => { L43: if (!rl) rl = createInterface({ input: process.stdin, output: process.stdout }); L44: return rl; ... L83: try { L84: return JSON.parse(readFileSync(resolve(import.meta.dirname || ".", "../package.json"), "utf-8")).version; L85: } catch { return ""; }
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/cli.jsView on unpkg · L22
22Cross-file remote execution chain: bin/cli.js spawns dist/tui/index.js; helper contains network access plus dynamic code execution. L22: import { homedir } from "os"; L23: import { execSync } from "child_process"; L24: import { initI18n, t, getLocale } from "../dist/i18n.js"; ... L28: // Data directory — same logic as src/paths.ts L29: const DATA_DIR = process.env.ALVIN_DATA_DIR || join(homedir(), ".alvin-bot"); L30: ... L42: const ensureRL = () => { L43: if (!rl) rl = createInterface({ input: process.stdin, output: process.stdout }); L44: return rl; ... L83: try { L84: return JSON.parse(readFileSync(resolve(import.meta.dirname || ".", "../package.json"), "utf-8")).version; L85: } catch { return ""; }
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

bin/cli.jsView on unpkg · L22
296install: () => { L297: execSync("npm install -g playwright", { stdio: "inherit" }); L298: execSync("npx playwright install chromium", { stdio: "inherit" });
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/cli.jsView on unpkg · L296
22import { homedir } from "os"; L23: import { execSync } from "child_process"; L24: import { initI18n, t, getLocale } from "../dist/i18n.js"; ... L28: // Data directory — same logic as src/paths.ts L29: const DATA_DIR = process.env.ALVIN_DATA_DIR || join(homedir(), ".alvin-bot"); L30: ... L42: const ensureRL = () => { L43: if (!rl) rl = createInterface({ input: process.stdin, output: process.stdout }); L44: return rl; ... L83: try { L84: return JSON.parse(readFileSync(resolve(import.meta.dirname || ".", "../package.json"), "utf-8")).version; L85: } catch { return ""; }
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

bin/cli.jsView on unpkg · L22
4332const js = process.argv[5] || "document.title"; L4333: const result = await page.evaluate(new Function(`return (${js})`)); L4334: console.log(JSON.stringify({ url: page.url(), result }, null, 2));
Low
Eval

Package source references a known benign dynamic code generation pattern.

bin/cli.jsView on unpkg · L4332
dist/services/browser-manager.jsView file
1const _0x4f1d91=_0x767b;(function(_0x58da1a,_0x489fc6){const _0xbfcec7=_0x767b,_0x5b5641=_0x767b,_0xc4db42=_0x58da1a();while(!![]){try{const _0x6f9843=-parseInt(_0xbfcec7(0x145))/(...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/services/browser-manager.jsView on unpkg · L1
dist/middleware/auth.jsView file
1(function(_0x39594c,_0x58bc2c){const _0x3da5e4=_0x2e2f,_0x146b25=_0x2e2f,_0x1e4a5d=_0x39594c();while(!![]){try{const _0x399152=parseInt(_0x3da5e4(0x202))/(-0x2*0xffd+0x2030+-0x35)+...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/middleware/auth.jsView on unpkg · L1
install.shView file
path = install.sh kind = build_helper sizeBytes = 10656 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

install.shView on unpkg

Findings

10 High7 Medium7 Low
HighChild Processclaude-bridge/src/claude.js
HighShell
HighEntrypoint Build Divergencebin/cli.js
HighSame File Env Network Executionbin/cli.js
HighCommand Output Exfiltrationdist/services/browser-manager.js
HighSandbox Evasion Gated Capabilitybin/cli.js
HighObfuscated Payload Loaderdist/middleware/auth.js
HighCross File Remote Execution Contextbin/cli.js
HighRuntime Package Installbin/cli.js
HighObfuscated
MediumDynamic Requireclaude-bridge/src/claude.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencebin/cli.js
MediumProtestware
MediumShips Build Helperinstall.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalbin/cli.js
LowWeak Cryptoclaude-bridge/src/claude.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings