registry  /  dilema  /  1.0.0

dilema@1.0.0

System-wide AI overlay. Hidden from screen sharing.

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 504 KB of source, external domains: console.groq.com, gist.github.com, github.com, json-schema.org, mathiasbynens.be, raw.githubusercontent.com, spec.openapis.org, stackoverflow.com, tools.ietf.org, wiki.debian.org, www.w3.org

Source & flagged code

6 flagged · loading source
dist/cli/index.jsView file
13import { fileURLToPath } from "url"; L14: import { spawn, execSync } from "child_process"; L15: import { createRequire } from "module";
High
Child Process

Package source references child process execution.

dist/cli/index.jsView on unpkg · L13
13Cross-file remote execution chain: dist/cli/index.js spawns desktop/dist/daemon.cjs; helper contains network access plus dynamic code execution. L13: import { fileURLToPath } from "url"; L14: import { spawn, execSync } from "child_process"; L15: import { createRequire } from "module"; ... L23: // shared/crypto.ts L24: import { createCipheriv, createDecipheriv, createHash, randomBytes } from "crypto"; L25: var ALGO = "aes-256-gcm"; L26: function machineScopedSecret() { L27: const basis = `${process.platform}|${process.arch}|${process.env.USERNAME ?? process.env.USER ?? "user"}`; L28: return createHash("sha256").update(basis).digest(); ... L118: const seeds = []; L119: if (typeof __dirname !== "undefined") { L120: seeds.push(__dirname);
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/cli/index.jsView on unpkg · L13
13import { fileURLToPath } from "url"; L14: import { spawn, execSync } from "child_process"; L15: import { createRequire } from "module"; ... L23: // shared/crypto.ts L24: import { createCipheriv, createDecipheriv, createHash, randomBytes } from "crypto"; L25: var ALGO = "aes-256-gcm"; L26: function machineScopedSecret() { L27: const basis = `${process.platform}|${process.arch}|${process.env.USERNAME ?? process.env.USER ?? "user"}`; L28: return createHash("sha256").update(basis).digest(); ... L118: const seeds = []; L119: if (typeof __dirname !== "undefined") { L120: seeds.push(__dirname);
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/cli/index.jsView on unpkg · L13
desktop/dist/daemon.cjsView file
2945sourceCode = this.opts.code.process(sourceCode, sch); L2946: const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode); L2947: const validate = makeValidate(this, this.scope.get());
Low
Eval

Package source references a known benign dynamic code generation pattern.

desktop/dist/daemon.cjsView on unpkg · L2945
desktop/resources/unprotect.dllView file
path = desktop/resources/unprotect.dll kind = native_binary sizeBytes = 14336 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

desktop/resources/unprotect.dllView on unpkg
desktop/resources/inject_dll.ps1View file
path = desktop/resources/inject_dll.ps1 kind = build_helper sizeBytes = 2304 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

desktop/resources/inject_dll.ps1View on unpkg

Findings

3 High6 Medium5 Low
HighChild Processdist/cli/index.js
HighShell
HighCross File Remote Execution Contextdist/cli/index.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/cli/index.js
MediumShips Native Binarydesktop/resources/unprotect.dll
MediumShips Build Helperdesktop/resources/inject_dll.ps1
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldesktop/dist/daemon.cjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings