registry  /  baldart  /  5.3.2

baldart@5.3.2

⚠ Under review

Claude Agent Framework - Reusable framework for coordinating AI agents and humans in software projects

Static Scan Results

scanned 5d ago · by rust-scanner

Static analysis flagged 17 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 80 file(s), 820 KB of source, external domains: biomejs.dev, github.com, pypi.org, registry.npmjs.org

Source & flagged code

8 flagged · loading source
framework/scripts/analyze-session-tokens.jsView file
358lines.push( L359: `> ⚠ team-mode caveat: ${missingNested} Agent spawn(s) in the main transcript have no local` L360: );
High
Child Process

Package source references child process execution.

framework/scripts/analyze-session-tokens.jsView on unpkg · L358
bin/baldart.jsView file
14L15: const { Command } = require('commander'); L16: const chalk = require('chalk');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/baldart.jsView on unpkg · L14
src/utils/routine-adapters/cron.jsView file
7* Generates `scripts/routines/<name>.sh` (a self-contained wrapper) and prints L8: * the exact crontab line the user must install. Does NOT touch the user's L9: * crontab directly — that would be too invasive. ... L13: class CronAdapter { L14: constructor(cwd = process.cwd()) { L15: this.cwd = cwd; ... L85: return `#!/usr/bin/env bash L86: # Generated by BALDART (v${require('../../../package.json').version}) — npx baldart routines L87: # Routine: ${spec.name}
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

src/utils/routine-adapters/cron.jsView on unpkg · L7
src/utils/overlay-merger.jsView file
117contains invisible/control Unicode U+FEFF (zero width no-break space) const m = content.match(/^(<U+FEFF>?\s*)---\n([\s\S]*?)\n---(\r?\n|$)/);
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

src/utils/overlay-merger.jsView on unpkg · L117
Trigger-reachable chain: manifest.bin -> bin/baldart.js -> src/commands/overlay.js -> src/utils/overlay-merger.js Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

src/utils/overlay-merger.jsView on unpkg
src/utils/i18n-gate.jsView file
164function installDeps(cwd = process.cwd()) { L165: execSync(`npm install -D ${depsFor(cwd).join(' ')}`, { cwd, stdio: 'ignore' }); L166: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/utils/i18n-gate.jsView on unpkg · L164
framework/.claude/hooks/agent-discovery-info.shView file
path = framework/.claude/hooks/agent-discovery-info.sh kind = payload_in_excluded_dir sizeBytes = 7152 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

framework/.claude/hooks/agent-discovery-info.shView on unpkg
path = framework/.claude/hooks/agent-discovery-info.sh kind = build_helper sizeBytes = 7152 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

framework/.claude/hooks/agent-discovery-info.shView on unpkg

Findings

2 Critical4 High6 Medium5 Low
CriticalTrojan Source Unicodesrc/utils/overlay-merger.js
CriticalTrigger Reachable Dangerous Capabilitysrc/utils/overlay-merger.js
HighChild Processframework/scripts/analyze-session-tokens.js
HighShell
HighRuntime Package Installsrc/utils/i18n-gate.js
HighPayload In Excluded Dirframework/.claude/hooks/agent-discovery-info.sh
MediumDynamic Requirebin/baldart.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencesrc/utils/routine-adapters/cron.js
MediumShips Build Helperframework/.claude/hooks/agent-discovery-info.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings