registry  /  atheist  /  0.0.1

atheist@0.0.1

Hub-and-spoke CLI+TUI that ports conversations between AI coding harnesses (Claude Code, Codex, OpenCode).

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
WildcardDependency
scanned 2 file(s), 331 KB of source, external domains: eu.i.posthog.com, github.com

Source & flagged code

2 flagged · loading source
dist/smoke.mjsView file
87} L88: exec(sql) { L89: this.db.exec(sql); ... L111: function openProjectInDesktopApp(directory) { L112: if (process.env[OPEN_IN_DESKTOP_ENV] !== "1") L113: return; L114: if (process.platform !== "darwin") L115: return; ... L219: const r = spawnSync("which", ["opencode"], { encoding: "utf8" }); L220: return r.status === 0 && Boolean(r.stdout.trim()); L221: } ... L234: return path.join(xdg, "opencode");
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/smoke.mjsView on unpkg · L87
dist/cli.jsView file
143} L144: async function detectHarnesses2(env = process.env) { L145: return [detectClaudeCode2(env), detectCodex2(env), detectOpencode2(env)]; ... L198: droppedTurns: z2.number().int().nonnegative(), L199: sourceMetadata: z2.record(z2.unknown()) L200: }); ... L250: /<local-command-caveat>[\s\S]*?<\/local-command-caveat>/gi, L251: /<local-command-stdout>[\s\S]*?<\/local-command-stdout>/gi, L252: /<local-command-stderr>[\s\S]*?<\/local-command-stderr>/gi ... L267: function claudeProjectsRoot() { L268: return path.join(os.homedir(), ".claude", "projects"); L269: }
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/cli.jsView on unpkg · L143

Findings

1 High4 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/cli.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowWeak Cryptodist/smoke.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings