registry  /  claude-yes  /  1.177.2

claude-yes@1.177.2

⚠ Under review

A wrapper tool that automates interactions with various AI CLI tools by automatically handling common prompts and responses.

Static Scan Results

scanned 1h ago · by rust-scanner

Static analysis flagged 19 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 169 file(s), 1.57 MB of source, external domains: 127.0.0.1, 192.168.1.5, agent-yes.com, ay.local, cdn.jsdelivr.net, example.com, github.com, raw.githubusercontent.com, registry.npmjs.org, rtc.live.cloudflare.com, rustup.rs, s.agent-yes.com, www.w3.org

Source & flagged code

11 flagged · loading source
dist/ts-DszAZ9HE.jsView file
8import { arch, platform } from "process"; L9: import { execSync } from "child_process"; L10: import { closeSync, constants, createReadStream, existsSync, mkdirSync, openSync } from "fs";
High
Child Process

Package source references child process execution.

dist/ts-DszAZ9HE.jsView on unpkg · L8
14import { fileURLToPath } from "url"; L15: import { execaCommandSync, execaSync, parseCommandString } from "execa"; L16: import { fromReadable, fromWritable } from "from-node-stream";
High
Shell

Package source references shell execution.

dist/ts-DszAZ9HE.jsView on unpkg · L14
676try { L677: execSync(`${cargoCmd} --version`, { stdio: "ignore" }); L678: } catch { L679: console.warn("Warning: Rust/Cargo not found. bun-pty native module may not work."); L680: console.warn("To fix this, install Rust: https://rustup.rs/"); L681: return; ... L684: const isWindows = platform === "win32"; L685: const tempBase = isWindows ? process.env.TEMP || "C:\\Temp" : "/tmp"; L686: if (!existsSync(join(rustPtyDir, "Cargo.toml"))) {
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/ts-DszAZ9HE.jsView on unpkg · L676
dist/agent-yes.config-ugPYTPOd.jsView file
213const legacyConfigs = await Promise.all([ L214: import(path.resolve(os.homedir(), ".agent-yes/config.ts")).catch(() => ({ default: {} })).then((mod) => mod.default), L215: import(path.resolve(process.cwd(), "node_modules/.agent-yes/config.ts")).catch(() => ({ default: {} })).then((mod) => mod.default),
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/agent-yes.config-ugPYTPOd.jsView on unpkg · L213
dist/schedule-CG5opwak.jsView file
59stdin: "ignore", L60: stdout: capture ? "pipe" : "inherit", L61: stderr: capture ? "pipe" : "inherit" L62: }); L63: const out = capture ? await new Response(p.stdout).text() : ""; L64: return { ... L71: if (!oxmgrBin) { L72: process.stderr.write("ay schedule: oxmgr not found\n install with: cargo install oxmgr\n or: bun add -g oxmgr\n"); L73: return 1;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/schedule-CG5opwak.jsView on unpkg · L59
dist/share-29YbzpbU.jsView file
matchType = previous_version_dangerous_delta matchedPackage = claude-yes@1.162.0 matchedIdentity = npm:Y2xhdWRlLXllcw:1.162.0 similarity = 0.642 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/share-29YbzpbU.jsView on unpkg
21async function getIceServers() { L22: const keyId = process.env.CF_TURN_KEY_ID; L23: const apiToken = process.env.CF_TURN_API_TOKEN; ... L27: try { L28: const r = await fetch(`https://rtc.live.cloudflare.com/v1/turn/keys/${keyId}/credentials/generate-ice-servers`, { L29: method: "POST", ... L33: }, L34: body: JSON.stringify({ ttl }), L35: signal: AbortSignal.timeout(5e3) ... L37: if (!r.ok) throw new Error(`Cloudflare TURN ${r.status}`); L38: const j = await r.json(); L39: const servers = j.iceServers?.length ? j.iceServers : STUN;
High
Credential Exfiltration

Source combines credential-like environment material and outbound requests; review data flow before blocking.

dist/share-29YbzpbU.jsView on unpkg · L21
dist/versionChecker-BalLjvoe.jsView file
114package = claude-yes; repositoryIdentity = agent-yes; dependency = execa L114: try { L115: const { execaCommand } = await import("execa"); L116: await execaCommand(installCmd, { stdio: "inherit" });
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

dist/versionChecker-BalLjvoe.jsView on unpkg · L114
111async function runInstall(latestVersion) { L112: const installCmd = detectPackageManager() === "bun" ? `bun add -g ${CANONICAL_PKG_NAME}@${latestVersion}` : `npm install -g ${CANONICAL_PKG_NAME}@${latestVersion}`; L113: process.stderr.write(`\x1b[33m[agent-yes] Updating ${getInstalledPackage().version} → ${latestVersion}…\x1b[0m\n`); L114: try { L115: const { execaCommand } = await import("execa"); L116: await execaCommand(installCmd, { stdio: "inherit" });
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/versionChecker-BalLjvoe.jsView on unpkg · L111
dist/serve-CTAKrcdO.jsView file
19Cross-file remote execution chain: dist/serve-CTAKrcdO.js spawns lab/ui/qrcode.js; helper contains network access plus dynamic code execution. L19: import path from "path"; L20: import { execFileSync } from "node:child_process"; L21: import { fileURLToPath } from "node:url"; ... L31: * predates `parseSource` (the canonical normalizer in the standard): L32: * https://github.com/o/r/tree/b · github.com/o/r/tree/b · o/r/tree/b L33: * o/r@branch · o/r (→ default branch main) ... L43: function agentYesHome() { L44: return process.env.AGENT_YES_HOME ?? path.join(homedir(), ".agent-yes"); L45: } ... L80: const maxLen = Math.max(provided.length, expectedToken.length); L81: return timingSafeEqual(Buffer.from(provided.padEnd(maxLen, "\0")), Buffer.from(expectedToken.padEnd(maxLen, "\0"))) && provided.length === expectedToken.length; L82: }
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/serve-CTAKrcdO.jsView on unpkg · L19
examples/gcp.shView file
path = examples/gcp.sh kind = build_helper sizeBytes = 2338 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

examples/gcp.shView on unpkg

Findings

1 Critical7 High5 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/share-29YbzpbU.js
HighChild Processdist/ts-DszAZ9HE.js
HighShelldist/ts-DszAZ9HE.js
HighSame File Env Network Executiondist/ts-DszAZ9HE.js
HighCredential Exfiltrationdist/share-29YbzpbU.js
HighCopied Package Dependency Bridgedist/versionChecker-BalLjvoe.js
HighCross File Remote Execution Contextdist/serve-CTAKrcdO.js
HighRuntime Package Installdist/versionChecker-BalLjvoe.js
MediumDynamic Requiredist/agent-yes.config-ugPYTPOd.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperexamples/gcp.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/schedule-CG5opwak.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings