registry  /  cladding  /  0.8.3

cladding@0.8.3

Reference implementation of the Ironclad standard — multi-agent dev harness for Claude Code.

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 22 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 397 file(s), 6.07 MB of source, external domains: api.anthropic.com, api.openai.com, doc.rust-lang.org, docs.anthropic.com, docs.expo.dev, example.com, generativelanguage.googleapis.com, github.com, go.dev, google.github.io, jcgt.org, json-schema.org, json.schemastore.org, kotlinlang.org, peps.python.org, platform.claude.com, raw.githubusercontent.com, rubystyle.guide, www.w3.org

Source & flagged code

12 flagged · loading source
dist/tests/stages/util.test.jsView file
88patternName = aws_access_key severity = critical line = 88 matchedText = const ou...ed);
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/tests/stages/util.test.jsView on unpkg · L88
88patternName = aws_access_key severity = critical line = 88 matchedText = const ou...ed);
Critical
Secret Pattern

AWS access key ID in dist/tests/stages/util.test.js

dist/tests/stages/util.test.jsView on unpkg · L88
dist/tests/core/checkpoint.test.jsView file
16// that need a no-git path run inside a tmpdir. L17: import { execFileSync } from 'node:child_process'; L18: import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs';
High
Child Process

Package source references child process execution.

dist/tests/core/checkpoint.test.jsView on unpkg · L16
dist/src/stages/type.jsView file
11import process from 'node:process'; L12: import { execaSync } from 'execa'; L13: import { resolveStageCommand } from './toolchain/scoped-command.js';
High
Shell

Package source references shell execution.

dist/src/stages/type.jsView on unpkg · L11
dist/tests/stages/ai-hints-forbidden-pattern.test.jsView file
22writeMinimalSpec(dir); L23: writeSrc(dir, 'a.ts', 'export const x = eval("1+1");\n'); L24: expect(aiHintsForbiddenPattern.run({ cwd: dir })).toEqual([]);
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/tests/stages/ai-hints-forbidden-pattern.test.jsView on unpkg · L22
dist/tests/optimizer/infer-depends-on.test.jsView file
124describe('JS/TS extraction', () => { L125: test('import…from, side-effect import, and require() all resolve owned edges', () => { L126: const spec = makeSpec([
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/tests/optimizer/infer-depends-on.test.jsView on unpkg · L124
dist/clad.jsView file
743`)}function G1e(t,e){let r=[lX,"",`# ${e} \u2014 Project Context`,""];if(r.push("## 1. What this project is (observed)",""),t.readmeFirstParagraph?r.push(`> ${t.readmeFirstParagrap... L744: `)}Cp();import{readFileSync as GLe}from"node:fs";import{join as ZLe}from"node:path";var VLe="claude-sonnet-4-6",Hw=16384;function WLe(t,e="."){if(t)return t;try{let n=GLe(ZLe(e,".c... L745: `)}function $m(t){let e=aQ(t);return["# Cladding \xB7 Tier B \xB7 SSoT \u2014 editable, cross-validated \xB7 Refreshed by: clad init / clad clarify","# Greenfield seed \u2014 no im... ... L747: `)}var SN=Et(cr(),1);Dr();var uQ="<!-- Cladding \xB7 Tier B \xB7 SSoT \u2014 intent + Why/What/Purpose \xB7 Refreshed by: clad init / clad clarify -->\n<!-- Onboarding refined from... L748: <!-- LLM unavailable or response sentinel-miss; the body below quotes your intent verbatim. Re-run with a connected LLM dispatcher to capture inferred domain context. -->`;function... L749: `)}function dQ(t){return{mode:vs(t,"ONBOARDING_MODE"),projectContext:vs(t,"PROJECT_CONTEXT_MD"),capabilities:vs(t,"CAPABILITIES_YAML"),architecture:vs(t,"ARCHITECTURE_YAML"),specSe...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/clad.jsView on unpkg · L743
419L420: `)}p.write("payload.value = newResult;"),p.write("return payload;");let _=p.compile();return(S,x)=>_(f,S,x)},o,s=uc,a=!cc.jitless,l=a&&vj.value,u=e.catchall,d;t._zod.parse=(f,p)=>{... L421: L422: Set the \`cycles\` parameter to \`"ref"\` to resolve cyclical schemas with defs.`)}for(let s of t.seen.entries()){let a=s[1];if(e===s[0]){o(s);continue}if(t.external){let l=t.exter... L423: ]))`;continue}else if(n[c]==="$"){i+=`($|(?=[\r ... L429: || (${s} === "string" && ${i} && ${i} == +${i} && !(${i} % 1))`).assign(a,(0,ve._)`+${i}`);return;case"boolean":n.elseIf((0,ve._)`${i} === "false" || ${i} === 0 || ${i} === null`).... L430: || ${s} === "boolean" || ${i} === null`).assign(a,(0,ve._)`[${i}]`)}}}function yGe({gen:t,parentData:e,parentDataProperty:r},n){t.if((0,ve._)`${e} !== undefined`,()=>t.assign((0,ve... L431: missingProperty: ${n}, L432: depsCount: ${e}, L433: deps: ${r}}`};var JVe={keyword:"dependencies",type:"object",schemaType:"object",error:Yi.error,code(t){let[e,r]=YVe(t);mce(t,e),hce(t,r)}};function YVe({schema:t}){let e={},r={};fo... L434: `);let n=r??t,i=CKe(n,e),o=kle.get(i);if(o)return o;if(!Ele(i))throw new Error(`agents/${n}.md not found at ${i}`);let s
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/clad.jsView on unpkg · L419
6globalThis.__CLADDING_BUNDLED = true; L7: var $ue=Object.create;var HE=Object.defineProperty;var kue=Object.getOwnPropertyDescriptor;var Eue=Object.getOwnPropertyNames;var Aue=Object.getPrototypeOf,Tue=Object.prototype.has... L8: `)}displayWidth(e){return pq(e).length}styleTitle(e){return e}styleUsage(e){return e.split(" ").map(r=>r==="[options]"?this.styleOptionText(r):r==="[command]"?this.styleSubcommandT... ... L18: (Did you mean one of ${n.join(", ")}?)`:n.length===1?` L19: (Did you mean ${n[0]}?)`:""}hq.suggestSimilar=jue});var vq=v(sA=>{var Mue=He("node:events").EventEmitter,rA=He("node:child_process"),no=He("node:path"),Hg=He("node:fs"),Ue=He("node... L20: - specify the name in Command constructor or using .name()`);return r=r||{},r.isDefault&&(this._defaultCommandName=e._name),(r.noHelp||r.hidden)&&(e._hidden=!0),this._registerComma... ... L81: `;return`${m} L82: ${i}${p}`}else return`${f}${s}${d.join(" ")}${s}${p}`}function py({indent:t,options:{commentString:e}},r,n,i){if(n&&i&&(n=n.replace(/^\n+/,"")),n){let o=fy.indentComment(e(n),t);r.... L83: `:" ")}return jfe.stringifyString({comment:t,type:e,value:a},n,i,o)}};P4.binary=Mfe});var $y=v(xy=>{"use strict";var wy=Ce(
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/clad.jsView on unpkg · L6
6Cross-file remote execution chain: dist/clad.js spawns dist/viewer/app.js; helper contains network access plus dynamic code execution. L6: globalThis.__CLADDING_BUNDLED = true; L7: var $ue=Object.create;var HE=Object.defineProperty;var kue=Object.getOwnPropertyDescriptor;var Eue=Object.getOwnPropertyNames;var Aue=Object.getPrototypeOf,Tue=Object.prototype.has... L8: `)}displayWidth(e){return pq(e).length}styleTitle(e){return e}styleUsage(e){return e.split(" ").map(r=>r==="[options]"?this.styleOptionText(r):r==="[command]"?this.styleSubcommandT... ... L18: (Did you mean one of ${n.join(", ")}?)`:n.length===1?` L19: (Did you mean ${n[0]}?)`:""}hq.suggestSimilar=jue});var vq=v(sA=>{var Mue=He("node:events").EventEmitter,rA=He("node:child_process"),no=He("node:path"),Hg=He("node:fs"),Ue=He("node... L20: - specify the name in Command constructor or using .name()`);return r=r||{},r.isDefault&&(this._defaultCommandName=e._name),(r.noHelp||r.hidden)&&(e._hidden=!0),this._registerComma... ... L81: `;return`${m} L82: ${i}${p}`}else return`${f}${s}${d.join(" ")}${s}${p}`}function py({indent:t,options:{commentString:e}},r,n,i){if(n&&i&&(n=n.replace(/^\n+/,"")),n){let o=fy.indentComment(e(n),t…
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/clad.jsView on unpkg · L6
dist/tests/cli/graph-export-pipe.test.jsView file
19test('--format json over a pipe arrives complete and parseable', () => { L20: const out = execFileSync('npx', ['tsx', 'src/cli/clad.ts', 'graph', 'export', '--format', 'json'], { L21: cwd: REPO,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/tests/cli/graph-export-pipe.test.jsView on unpkg · L19
dist/conformance/runner.jsView file
252patternName = stripe_live_secret severity = critical line = 252 matchedText = writeFil...n');
Critical
Secret Pattern

Stripe live secret key in dist/conformance/runner.js

dist/conformance/runner.jsView on unpkg · L252

Findings

3 Critical7 High5 Medium7 Low
CriticalCritical Secretdist/tests/stages/util.test.js
CriticalSecret Patterndist/tests/stages/util.test.js
CriticalSecret Patterndist/conformance/runner.js
HighChild Processdist/tests/core/checkpoint.test.js
HighShelldist/src/stages/type.js
HighSame File Env Network Executiondist/clad.js
HighCommand Output Exfiltrationdist/clad.js
HighObfuscated Payload Loaderdist/clad.js
HighCross File Remote Execution Contextdist/clad.js
HighRuntime Package Installdist/tests/cli/graph-export-pipe.test.js
MediumDynamic Requiredist/tests/optimizer/infer-depends-on.test.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/tests/stages/ai-hints-forbidden-pattern.test.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings