registry  /  claude-dev-env  /  1.86.0

claude-dev-env@1.86.0

Claude Code development standards — rules, hooks, agents, commands, and skills

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEvalFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 39 file(s), 395 KB of source, external domains: github.com

Source & flagged code

4 flagged · loading source
hooks/validators/test_security_checks.pyView file
28patternName = generic_password severity = medium line = 28 matchedText = password...123"
Medium
Secret Pattern

Package contains a possible secret pattern.

hooks/validators/test_security_checks.pyView on unpkg · L28
skills/autoconverge/workflow/converge_multi.run-input.test.mjsView file
17L18: const productionModule = new Function( L19: `${sourceSliceBetween('function normalizeMultiInput(', '\nconst multiInput =')}\n` +
Low
Eval

Package source references a known benign dynamic code generation pattern.

skills/autoconverge/workflow/converge_multi.run-input.test.mjsView on unpkg · L17
hooks/git-hooks/pre_commit.pyView file
path = hooks/git-hooks/pre_commit.py kind = build_helper sizeBytes = 2045 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

hooks/git-hooks/pre_commit.pyView on unpkg
scripts/tests/test_sync_to_cursor.pyView file
path = scripts/tests/test_sync_to_cursor.py kind = payload_in_excluded_dir sizeBytes = 13986 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

scripts/tests/test_sync_to_cursor.pyView on unpkg

Findings

1 High3 Medium5 Low
HighPayload In Excluded Dirscripts/tests/test_sync_to_cursor.py
MediumSecret Patternhooks/validators/test_security_checks.py
MediumShips Build Helperhooks/git-hooks/pre_commit.py
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalskills/autoconverge/workflow/converge_multi.run-input.test.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings