registry  /  codex-starterkit  /  0.1.4

codex-starterkit@0.1.4

Global baseline (Codex plugins) + thin project overlay installer for the OpenAI Codex Agent.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 36 file(s), 825 KB of source, external domains: api.github.com, context7.com, github.com, grep.app, json-schema.org, json.schemastore.org, prompts.chat, raw.githubusercontent.com, spec.openapis.org, stackoverflow.com, token.v-claw.org, tools.ietf.org, www.safaribooksonline.com, www.w3.org

Source & flagged code

4 flagged · loading source
baseline/mcp-tools/dist/mcp/server.jsView file
2941sourceCode = this.opts.code.process(sourceCode, sch); L2942: const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode); L2943: const validate = makeValidate(this, this.scope.get());
Low
Eval

Package source references a known benign dynamic code generation pattern.

baseline/mcp-tools/dist/mcp/server.jsView on unpkg · L2941
src/rtk.mjsView file
13import path from 'node:path' L14: import { spawnSync } from 'node:child_process' L15: import { ensureDir, exists } from './fs-utils.mjs' ... L18: export const RTK_REPO = 'rtk-ai/rtk' L19: export const RTK_INSTALL_COMMAND = 'curl -fsSL https://raw.githubusercontent.com/rtk-[redacted].sh | sh' L20: export const RTK_FALLBACK_INSTALL_COMMAND = 'cargo install --git https://github.com/rtk-ai/rtk' ... L25: if (!exists(filePath)) return fallback L26: return JSON.parse(fs.readFileSync(filePath, 'utf8')) L27: } catch { ... L55: L56: function pathEntries(env = process.env, platform = process.platform) { L57: const delimiter = platform === 'win32' ? ';' : ':'
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

src/rtk.mjsView on unpkg · L13
baseline/hooks-plugin/hooks/guard.cmdView file
path = baseline/hooks-plugin/hooks/guard.cmd kind = build_helper sizeBytes = 207 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

baseline/hooks-plugin/hooks/guard.cmdView on unpkg
baseline/skills/security-and-hardening/SKILL.mdView file
104patternName = generic_password severity = medium line = 104 matchedText = console.... });
Medium
Secret Pattern

Hardcoded password in baseline/skills/security-and-hardening/SKILL.md

baseline/skills/security-and-hardening/SKILL.mdView on unpkg · L104

Findings

1 High5 Medium5 Low
HighSandbox Evasion Gated Capabilitysrc/rtk.mjs
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperbaseline/hooks-plugin/hooks/guard.cmd
MediumStructural Risk Force Deep Review
MediumSecret Patternbaseline/skills/security-and-hardening/SKILL.md
LowScripts Present
LowEvalbaseline/mcp-tools/dist/mcp/server.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings