ccem@2.40.0

Claude Code Environment Manager

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, Obfuscated, UrlStrings
Manifest: NoLicense
scanned 3 file(s), 180 KB of source, external domains: api.anthropic.com, api.deepseek.com, api.kimi.com, api.minimaxi.com, api.moonshot.cn, api.xiaomimimo.com, coding.dashscope.aliyuncs.com, dashscope.aliyuncs.com, github.com, open.bigmodel.cn, openrouter.ai, raw.githubusercontent.com, token-plan-cn.xiaomimimo.com

Source & flagged code

2 flagged
package.json
scripts.postinstall = node ./scripts/migrate.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

scripts/generate-logo.sh
path = scripts/generate-logo.sh kind = build_helper sizeBytes = 2074 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

Findings

1 High · 4 Medium · 6 Low
High: Install Time Lifecycle Scripts (package.json)
Medium: Network
Medium: Environment Vars
Medium: Ships Build Helper (scripts/generate-logo.sh)
Medium: Structural Risk Force Deep Review
Low: Scripts Present
Low: Filesystem
Low: Obfuscated
Low: High Entropy Strings
Low: Url Strings
Low: No License