registry  /  amalgm  /  0.1.140

amalgm@0.1.140

Amalgm local computer runtime: login, MCP, chat, events, previews, and tunnels.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 17 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 290 file(s), 2.25 MB of source, external domains: 127.0.0.1, access.stripe.com, ai-gateway.vercel.sh, amalgm-api-proxy-v2.fly.dev, amalgm-desktop-releases.fly.dev, amalgm.ai, amalgm.example, another-chats-page.test, api.anthropic.com, api.dashboard.plaid.com, api.figma.com, api.githubcopilot.com, api.openai.com, api.supabase.com, app.amalgm.test, app.example.com, app.example.test, app.planetscale.com, atlassian.com, auth.planetscale.com, cdn.example, cf.mcp.atlassian.com, cloudflare.com, cursor.com, dashboard.plaid.com, datadoghq.com, desktop-release.example, developer.squareup.com, developers.cloudflare.com, developers.egnyte.com, developers.figma.com, developers.hubspot.com, developers.intercom.com, developers.notion.com, developers.webflow.com, dhygzobemt712.cloudfront.net, docs.exa.ai, docs.gitlab.com, docs.paypal.ai, docs.sentry.io, docs.slack.dev, docs.stripe.com, egnyte.com, exa.ai, example.com, example.supabase.co, example.test, excalidraw.com, explicit.example, figma.com

Source & flagged code

8 flagged · loading source
runtime/scripts/amalgm-mcp/workspace/rest.jsView file
7const path = require('path'); L8: const { execFile } = require('child_process'); L9: const { promisify } = require('util');
High
Child Process

Package source references child process execution.

runtime/scripts/amalgm-mcp/workspace/rest.jsView on unpkg · L7
runtime/scripts/amalgm-mcp/tests/browser-capture.test.jsView file
63]; L64: const result = new Function('document', 'window', `return (${script})`)( L65: { querySelectorAll: () => fakeViews, visibilityState: 'visible' },
Low
Eval

Package source references a known benign dynamic code generation pattern.

runtime/scripts/amalgm-mcp/tests/browser-capture.test.jsView on unpkg · L63
bin/amalgm.jsView file
26try { L27: return JSON.parse(require('fs').readFileSync(file, 'utf8')); L28: } catch {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/amalgm.jsView on unpkg · L26
runtime/scripts/amalgm-mcp/workflows/runner.jsView file
4const fs = require('fs'); L5: const { spawn } = require('child_process'); L6: const vm = require('vm'); ... L88: const key = String(name || '').trim(); L89: if (key && process.env[key] != null) secrets[key] = process.env[key]; L90: } ... L116: URL, L117: URLSearchParams, L118: TextDecoder, L119: TextEncoder, ... L201: L202: let stdout = Buffer.alloc(0);
Medium
Unsafe Vm Context

Package source executes code through a VM context API.

runtime/scripts/amalgm-mcp/workflows/runner.jsView on unpkg · L4
lib/service.jsView file
5const path = require('path'); L6: const { spawn, spawnSync } = require('child_process'); L7: ... L29: L30: const PACKAGE_VERSION = require('../package.json').version; L31: const SERVICE_LABEL_SCOPE = `${AMALGM_RUNTIME_USER_SCOPE}.${AMALGM_RUNTIME_LABEL}` L32: .replace(/[^A-Za-z0-9_.-]/g, '_'); L33: const SERVICE_LABEL = process.env.AMALGM_SERVICE_LABEL || `ai.amalgm.runtime.${SERVICE_LABEL_SCOPE}`; L34: const SERVICE_SCRIPT_FILE = path.join(SERVICE_DIR, 'amalgm-watchdog.sh'); ... L92: try { L93: return JSON.parse(fs.readFileSync(file, 'utf8')); L94: } catch {
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

lib/service.jsView on unpkg · L5
runtime/scripts/amalgm-mcp/tests/apps-supervisor.test.jsView file
5const fs = require('fs'); L6: const http = require('http'); L7: const net = require('net'); ... L9: const path = require('path'); L10: const { spawn, spawnSync } = require('child_process'); L11: L12: const tempRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'amalgm-app-supervisor-')); L13: process.env.AMALGM_DIR = path.join(tempRoot, 'user'); L14: process.env.AMALGM_HOME = path.join(tempRoot, 'home');
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

runtime/scripts/amalgm-mcp/tests/apps-supervisor.test.jsView on unpkg · L5
runtime/scripts/chat-core/adapters/cursor.jsView file
4const path = require('path'); L5: const { spawnSync } = require('child_process'); L6: const { done, errorEvent, warningEvent } = require('../events'); ... L18: function resolveBinary() { L19: const binaryName = process.platform === 'win32' ? 'cursor-agent.exe' : 'cursor-agent'; L20: const homes = [...new Set([process.env.AMALGM_NATIVE_HOME, os.homedir()].filter(Boolean))]; L21: const candidates = [ ... L37: } L38: throw new Error(`Cursor Agent CLI is not available. Checked: ${failures.join(', ') || 'no candidates'}. Install it with: curl https://cursor.com/install -fsS | bash, then run curso... L39: } ... L247: CursorAdapter, L248: __private: {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

runtime/scripts/chat-core/adapters/cursor.jsView on unpkg · L4
runtime/scripts/amalgm-mcp/events/desktop-release-runner.jsView file
matchType = previous_version_dangerous_delta matchedPackage = amalgm@0.1.139 matchedIdentity = npm:YW1hbGdt:0.1.139 similarity = 0.967 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

runtime/scripts/amalgm-mcp/events/desktop-release-runner.jsView on unpkg

Findings

5 High6 Medium6 Low
HighChild Processruntime/scripts/amalgm-mcp/workspace/rest.js
HighShell
HighSame File Env Network Executionruntime/scripts/amalgm-mcp/tests/apps-supervisor.test.js
HighSandbox Evasion Gated Capabilityruntime/scripts/chat-core/adapters/cursor.js
HighPrevious Version Dangerous Deltaruntime/scripts/amalgm-mcp/events/desktop-release-runner.js
MediumDynamic Requirebin/amalgm.js
MediumUnsafe Vm Contextruntime/scripts/amalgm-mcp/workflows/runner.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencelib/service.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalruntime/scripts/amalgm-mcp/tests/browser-capture.test.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License