registry  /  aquaman-proxy  /  0.13.1

aquaman-proxy@0.13.1

🔱 API key protection for AI agents. Bring your own vault. Credentials stay where you already keep them, never in the agent's memory.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 27 file(s), 335 KB of source, external domains: 1password.com, api-inference.huggingface.co, api.anthropic.com, api.elevenlabs.io, api.example.com, api.github.com, api.line.me, api.mistral.ai, api.openai.com, api.telegram.org, api.telnyx.com, api.twilio.com, api.twitch.tv, api.x.ai, aquaman.local, bitwarden.com, chat.googleapis.com, discord.com, gateway.ai.cloudflare.com, graph.microsoft.com, login.microsoftonline.com, matrix-client.matrix.org, oauth2.googleapis.com, open.feishu.cn, openapi.zalo.me, slack.com, www.googleapis.com

Source & flagged code

4 flagged · loading source
dist/core/utils/hash.jsView file
4import * as crypto from 'node:crypto'; L5: import { execFileSync } from 'node:child_process'; L6: import * as fs from 'node:fs';
High
Child Process

Package source references child process execution.

dist/core/utils/hash.jsView on unpkg · L4
dist/openclaw/env-writer.jsView file
25} L26: const baseUrl = `http://aquaman.local/${service.name}`; L27: // Map service names to OpenClaw environment variables ... L68: export function appendToShellRc(env) { L69: const shell = process.env['SHELL'] || '/bin/bash'; L70: const rcFile = shell.includes('zsh') L71: ? path.join(os.homedir(), '.zshrc') L72: : path.join(os.homedir(), '.bashrc');
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/openclaw/env-writer.jsView on unpkg · L25
dist/cli/index.jsView file
1414try { L1415: execSync('bw sync', { stdio: 'pipe', env: { ...process.env, BW_SESSION: session } }); L1416: } ... L1425: console.error(' Bitwarden CLI not found.'); L1426: console.error(' Install: https://bitwarden.com/help/cli/'); L1427: console.error(' Then: bw login && export BW_SESSION=$(bw unlock --raw)');
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/cli/index.jsView on unpkg · L1414
dist/core/credentials/backends/keepassxc.jsView file
36package = aquaman-proxy; repositoryIdentity = aquaman; dependency = argon2 L36: try { L37: const argon2Mod = await import('argon2'); L38: const argon2 = argon2Mod.default || argon2Mod;
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

dist/core/credentials/backends/keepassxc.jsView on unpkg · L36

Findings

4 High4 Medium5 Low
HighChild Processdist/core/utils/hash.js
HighShell
HighSame File Env Network Executiondist/cli/index.js
HighCopied Package Dependency Bridgedist/core/credentials/backends/keepassxc.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/openclaw/env-writer.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings