registry  /  anygate  /  0.1.0

anygate@0.1.0

Route any model into any coding agent — launch Claude Code, Codex, and more with multi-provider gateways

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 911 KB of source, external domains: 127.0.0.1, accounts.google.com, aistudio.google.com, antigravity.google, api.anthropic.com, api.cerebras.ai, api.cohere.com, api.deepinfra.com, api.deepseek.com, api.example.com, api.github.com, api.githubcopilot.com, api.groq.com, api.kilo.ai, api.kimi.com, api.mistral.ai, api.moonshot.ai, api.moonshot.cn, api.openai.com, api.perplexity.ai, api.together.xyz, api.venice.ai, api.x.ai, app.kilo.ai, auth.openai.com, auth.x.ai, build.nvidia.com, cdn.simpleicons.org, chatgpt.com, claude.ai, cloud.cerebras.ai, cloudcode-pa.googleapis.com, codeassist.google.com, console.anthropic.com, console.groq.com, console.mistral.ai, console.x.ai, daily-cloudcode-pa.googleapis.com, daily-cloudcode-pa.sandbox.googleapis.com, dashboard.cohere.com, dashscope.aliyuncs.com, dashscope.console.aliyun.com, deepinfra.com, developers.openai.com, generativelanguage.googleapis.com, github.com, integrate.api.nvidia.com, models.dev, my-proxy.example.com, oauth2.googleapis.com
Oversized source lightweight scan
dist/chunk-OACEC5EH.js2.54 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsNativeBindingsCryptoShellWebSocketDynamicRequireHighEntropyStringsUrlStrings127.0.0.1accounts.google.comapi.anthropic.comapi.example.comapi.github.comapi.openai.comapi.x.aiauth.openai.comauth.x.aichatgpt.comclaude.aicloudcode-pa.googleapis.comdaily-cloudcode-pa.googleapis.comdaily-cloudcode-pa.sandbox.googleapis.comdevelopers.openai.comgithub.commodels.devoauth2.googleapis.comopencode.aiplatform.claude.comregistry.npmjs.orgrequesty.airouter.requesty.aiwww.googleapis.com

Source & flagged code

6 flagged · loading source
dist/cli.jsView file
287oauthImported: 0, L288: error: "OpenCode CLI not found or failed to start. Install from https://opencode.ai" L289: }; ... L397: import { homedir } from "os"; L398: import { spawnSync } from "child_process"; L399: function detectShellProfile() { L400: const shell = process.env["SHELL"] ?? ""; L401: if (process.platform === "darwin") { L402: if (shell.includes("zsh")) return { display: "~/.zshrc", path: `${homedir()}/.zshrc` }; L403: if (shell.includes("bash")) return { display: "~/.bash_profile", path: `${homedir()}/.bash_profile` }; ... L825: } L826: const searchInput = await p3.text({
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/cli.jsView on unpkg · L287
1156} L1157: async function runProvidersImport() { L1158: const registry = loadRegistry();
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/cli.jsView on unpkg · L1156
287oauthImported: 0, L288: error: "OpenCode CLI not found or failed to start. Install from https://opencode.ai" L289: }; ... L397: import { homedir } from "os"; L398: import { spawnSync } from "child_process"; L399: function detectShellProfile() { L400: const shell = process.env["SHELL"] ?? ""; L401: if (process.platform === "darwin") { L402: if (shell.includes("zsh")) return { display: "~/.zshrc", path: `${homedir()}/.zshrc` }; L403: if (shell.includes("bash")) return { display: "~/.bash_profile", path: `${homedir()}/.bash_profile` }; ... L825: } L826: const searchInput = await p3.text({
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/cli.jsView on unpkg · L287
287oauthImported: 0, L288: error: "OpenCode CLI not found or failed to start. Install from https://opencode.ai" L289: }; ... L397: import { homedir } from "os"; L398: import { spawnSync } from "child_process"; L399: function detectShellProfile() { L400: const shell = process.env["SHELL"] ?? ""; L401: if (process.platform === "darwin") { L402: if (shell.includes("zsh")) return { display: "~/.zshrc", path: `${homedir()}/.zshrc` }; L403: if (shell.includes("bash")) return { display: "~/.bash_profile", path: `${homedir()}/.bash_profile` }; ... L825: } L826: const searchInput = await p3.text({
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/cli.jsView on unpkg · L287
dist/chunk-OACEC5EH.jsView file
path = dist/chunk-OACEC5EH.js kind = oversized_source_file sizeBytes = 2666861 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/chunk-OACEC5EH.jsView on unpkg
path = dist/chunk-OACEC5EH.js kind = oversized_cli_entrypoint sizeBytes = 2666861 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/chunk-OACEC5EH.jsView on unpkg

Findings

2 High6 Medium6 Low
HighSandbox Evasion Gated Capabilitydist/cli.js
HighOversized Source Filedist/chunk-OACEC5EH.js
MediumDynamic Requiredist/cli.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/cli.js
MediumOversized Cli Entrypointdist/chunk-OACEC5EH.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/cli.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings