
claude-rpc@1.3.0

Discord Rich Presence for Claude Code — live model, project, tokens, and lifetime stats driven by Claude Code's hook system.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
Child Process · Crypto · Environment Vars · Filesystem · Network · Shell
Supply chain
High Entropy Strings · Url Strings
Manifest
No manifest risk signals triggered.
scanned 50 file(s), 646 KB of source, external domains: 127.0.0.1, api.anthropic.com, api.github.com, cdn.qualit.ly, claude-rpc-totals.claude-rpc.workers.dev, claude-rpc.com, claude.com, gist.github.com, github.com, nodejs.org, www.apple.com, www.w3.org

Source & flagged code

5 flagged

src/notify.js
    L5:
    L6: import { spawn } from 'node:child_process';
    L7: import { platform } from 'node:os';
High
Child Process

Package source references child process execution.

src/notify.js · L5

src/notify.js
    L9: /**
    L10:  * Strip shell/PowerShell metacharacters from a label before it's interpolated
    L11:  * into a notifier command or webhook body. The win32 path below puts text
High
Shell

Package source references shell execution.

src/notify.js · L9

src/install.js
    L11: import { homedir } from 'node:os';
    L12: import { spawn, spawnSync } from 'node:child_process';
    L13: import { randomUUID } from 'node:crypto';
    ...
    L62: function readJson(p, fb) {
    L63: try { return JSON.parse(readFileSync(p, 'utf8')); }
    L64: catch { return fb; }
    ...
    L96: // dev → `node "<src/hook.js>" <event>` (cloned-source iteration)
    L97: // Hook commands must resolve under Claude Code's hook shell — `/bin/sh` with a
    L98: // minimal PATH that, under nvm, has neither `claude-rpc` nor `node` on it (no
    ...
    L149: let err = '';
    L150: proc.stderr.on('data', (d) => err += d.toString());
    L151: proc.on('error', reject);
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

src/install.js · L11

src/server/index.js
    L13:
    L14: import { createServer } from 'node:http';
    L15: import { exec } from 'node:child_process';
    L16: import { ROUTES, JSON_HEADERS } from './routes.js';
    ...
    L22: // (used in a breadcrumb), which is fixed for the life of the daemon.
    L23: const HTML = buildHtml({ port: Number(process.env.CLAUDE_RPC_PORT) || 47474 });
    L24: const WRAPPED_HTML = buildWrappedHtml();
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

src/server/index.js · L13

src/usage.js
    L3: //
    L4: // Source: GET https://api.anthropic.com/api/oauth/usage, authenticated with
    L5: // the SAME OAuth access token Claude Code itself uses — read from
    ...
    L18: import { readFileSync, writeFileSync, mkdirSync, existsSync } from 'node:fs';
    L19: import { spawnSync } from 'node:child_process';
    L20: import { join, dirname } from 'node:path';
    ...
    L37: if (existsSync(p)) {
    L38: const o = JSON.parse(readFileSync(p, 'utf8'));
    L39: if (o?.claudeAiOauth?.accessToken) return o.claudeAiOauth;
    ...
    L41: } catch { /* unreadable → try the keychain below */ }
    L42: if (process.platform === 'darwin') {
    L43: try {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

src/usage.js · L3

Findings

4 High · 4 Medium · 4 Low

High · Child Process · src/notify.js
High · Shell · src/notify.js
High · Same File Env Network Execution · src/server/index.js
High · Sandbox Evasion Gated Capability · src/usage.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · src/install.js
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings