registry  /  atheist  /  0.0.3

atheist@0.0.3

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
WildcardDependency
scanned 1 file(s), 206 KB of source, external domains: eu.i.posthog.com, github.com

Source & flagged code

2 flagged · loading source
dist/cli.jsView file
40droppedTurns: z.number().int().nonnegative(), L41: sourceMetadata: z.record(z.string(), z.unknown()) L42: }); ... L61: try { L62: const parsed = JSON.parse(fs.readFileSync(p, "utf8")); L63: if (!parsed || !Array.isArray(parsed.records)) ... L71: var init_ledger = __esm(() => { L72: LEDGER_DIR = process.env.CLAUDE_IMPORT_LEDGER_DIR || path.join(os.homedir(), ".claude-importer"); L73: }); ... L122: /<local-command-caveat>[\s\S]*?<\/local-command-caveat>/gi, L123: /<local-command-stdout>[\s\S]*?<\/local-command-stdout>/gi, L124: /<local-command-stderr>[\s\S]*?<\/local-command-stderr>/gi
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/cli.jsView on unpkg · L40
40droppedTurns: z.number().int().nonnegative(), L41: sourceMetadata: z.record(z.string(), z.unknown()) L42: }); ... L61: try { L62: const parsed = JSON.parse(fs.readFileSync(p, "utf8")); L63: if (!parsed || !Array.isArray(parsed.records)) ... L71: var init_ledger = __esm(() => { L72: LEDGER_DIR = process.env.CLAUDE_IMPORT_LEDGER_DIR || path.join(os.homedir(), ".claude-importer"); L73: }); ... L122: /<local-command-caveat>[\s\S]*?<\/local-command-caveat>/gi, L123: /<local-command-stdout>[\s\S]*?<\/local-command-stdout>/gi, L124: /<local-command-stderr>[\s\S]*?<\/local-command-stderr>/gi
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/cli.jsView on unpkg · L40

Findings

1 High4 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/cli.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowWeak Cryptodist/cli.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings