registry  /  customize-agent  /  3.0.0

customize-agent@3.0.0

通用终端 AI 助手 — 原生 Function Calling + 双语 TUI + 三级模型分层

Static Scan Results

scanned 7d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 12 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 29 file(s), 303 KB of source, external domains: 127.0.0.1

Source & flagged code

3 flagged · loading source
dist/tui/file-index.jsView file
4*/ L5: import { execFileSync } from 'child_process'; L6: import glob from 'fast-glob';
High
Child Process

Package source references child process execution.

dist/tui/file-index.jsView on unpkg · L4
dist/agent/executor.jsView file
39this.i18n = config.i18n; L40: this.projectRoot = config.projectRoot ?? process.cwd(); L41: this.repoMap = config.repoMap; ... L109: } L110: /** 统一输出:onWrite 优先 → onEvent 其次 → process.stdout 回退 */ L111: _write(text) { ... L119: } L120: process.stdout.write(text); L121: } ... L320: try { L321: const validation = PlanModeManager.validatePlan(JSON.parse(jsonText)); L322: const formatted = validation.valid && validation.plan
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/agent/executor.jsView on unpkg · L39
dist/index.jsView file
3import { Command } from 'commander'; L4: import { execSync } from 'child_process'; L5: import { readFileSync } from 'fs'; L6: import { dirname, resolve } from 'path'; L7: import { createServer } from 'net'; L8: import { createRequire } from 'module'; ... L17: function resolveUserProjectRoot() { L18: return resolve(process.env.CUSTOMIZE_PROJECT_ROOT ?? process.env.INIT_CWD ?? process.env.PWD ?? process.cwd()); L19: }
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L3

Findings

3 High3 Medium6 Low
HighChild Processdist/tui/file-index.js
HighShell
HighSame File Env Network Executiondist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/agent/executor.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings