codeably@1.3.6

Autonomous coding agent. Bring your own API key. Zero cost forever.

Static Scan Results

scanned 56m ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 13 file(s), 104 KB of source, external domains: aistudio.google.com, api.anthropic.com, api.groq.com, api.mistral.ai, api.openai.com, console.anthropic.com, console.groq.com, console.mistral.ai, generativelanguage.googleapis.com, github.com, openrouter.ai, platform.openai.com, registry.npmjs.org

Source & flagged code

3 flagged
tools/index.js
L9: import path from "path";
L10: import { execSync } from "child_process";
L11: import { createHash } from "crypto";
High
Child Process

Package source references child process execution.

tools/index.js · L9
bin/create-codeably.js
L4: *
L5: * npx codeably — zero-install quickstart.
L6: * Run from any terminal: npx codeably "your task"
...
L14:
L15: import { execSync, spawn } from "child_process";
L16: import { createInterface } from "readline";
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/create-codeably.js · L4
install-shortcut.sh
path = install-shortcut.sh
kind = build_helper
sizeBytes = 3524
magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

install-shortcut.sh

Findings

3 High · 3 Medium · 4 Low
High · Child Process · tools/index.js
High · Shell
High · Runtime Package Install · bin/create-codeably.js
Medium · Network
Medium · Ships Build Helper · install-shortcut.sh
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings