registry  /  dskcode  /  0.1.46

dskcode@0.1.46

⚠ Under review

A DeepSeek-native AI coding agent for your terminal

Static Scan Results

scanned 8d ago · by rust-scanner

Static analysis flagged 15 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 360 file(s), 9.53 MB of source, external domains: api.deepseek.com, github.com, web.ifzq.gtimg.cn

Source & flagged code

6 flagged · loading source
dist/chunk-2R2C3BHJ.jsView file
1import{a as p}from"./chunk-522BQUZS.js";import{a as r}from"./chunk-LAG2OMSH.js";import{a as i}from"./chunk-2NQMCQ7O.js";import{a}from"./chunk-QJGESXXN.js";import{a as t}from"./chun... L2: //# sourceMappingURL=chunk-2R2C3BHJ.js.map
High
Child Process

Package source references child process execution.

dist/chunk-2R2C3BHJ.jsView on unpkg · L1
dist/vue-vine-Q32TIQRB.jsView file
1import{a as r}from"./chunk-IL2UKTRC.js";import{a as s}from"./chunk-NE26G5AT.js";import{a as i}from"./chunk-S2PPVC2B.js";import{a as t}from"./chunk-HMJAMNJ2.js";import{a as n}from".... L2: //# sourceMappingURL=vue-vine-Q32TIQRB.js.map
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/vue-vine-Q32TIQRB.jsView on unpkg · L1
dist/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = dskcode@0.1.44 matchedIdentity = npm:ZHNrY29kZQ:0.1.44 similarity = 0.556 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.jsView on unpkg
552\u5220\u9664\u884C\u8303\u56F4\uFF1A\u7B2C ${u+1} \u884C ~ \u7B2C ${d+1} \u884C\uFF08\u5171 ${w} \u884C\uFF09 L553: \u53D8\u66F4\uFF1A+${g.additions} -${g.deletions}`,summary:x,diff:g}}catch(o){return{success:!1,data:`\u5220\u9664\u8303\u56F4\u5931\u8D25\uFF1A${o instanceof Error?o.message:Strin... L554: ${Ve(s.stderr)}`);let a=s.exitCode===0,l=i.length>0?i.join(` ... L562: ${s.join(` L563: `)}`),summary:`\u{1F4C2} ${a}\uFF08${s.length} \u9879\uFF09`}}catch(o){return{success:!1,data:`\u5217\u76EE\u5F55\u5931\u8D25\uFF1A${o instanceof Error?o.message:String(o)}`,error:... L564: \u5185\u5BB9\u7C7B\u578B: ${a}`,m=c.length>0?` L565: --- L566: `:"",h=e.url.length>60?e.url.slice(0,57)+"...":e.url,f=`\u{1F310} ${n} ${h} \u2192 ${i.status}`;return{success:i.ok,data:`${d}${m}${u}`,summary:f,error:i.ok?void 0:`HTTP_${i.status... L567: `);for(let r of n){let o=mT.exec(r);if(!o)continue;let s=o[1]??o[3]??"",i=Number(o[2]??o[4]??"0");if(!s)continue;let a=s.replace(/^file:\/\/\//,"").replace(/^file:\/\//,"");if(a.in...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L552
548\u5171\u6267\u884C ${e.edits.length} \u6B65\u66FF\u6362 L549: \u53D8\u66F4\uFF1A+${i.additions} -${i.deletions}`,summary:`\u{1F4DD} \u4FEE\u6539: ${jS(n)} (${e.edits.length} \u6B65, +${i.additions} -${i.deletions})`,diff:i}}catch(r){return{su... L550: `),i=Ym(s,e.startAnchor,"start_anchor");if("error"in i)return{success:!1,data:i.error,error:"ANCHOR_NOT_FOUND"};let a=Ym(s,e.endAnchor,"end_anchor");if("error"in a)return{success:!... ... L552: \u5220\u9664\u884C\u8303\u56F4\uFF1A\u7B2C ${u+1} \u884C ~ \u7B2C ${d+1} \u884C\uFF08\u5171 ${w} \u884C\uFF09 L553: \u53D8\u66F4\uFF1A+${g.additions} -${g.deletions}`,summary:x,diff:g}}catch(o){return{success:!1,data:`\u5220\u9664\u8303\u56F4\u5931\u8D25\uFF1A${o instanceof Error?o.message:Strin... L554: ${Ve(s.stderr)}`);let a=s.exitCode===0,l=i.length>0?i.join(` ... L562: ${s.join(` L563: `)}`),summary:`\u{1F4C2} ${a}\uFF08${s.length} \u9879\uFF09`}}catch(o){return{success:!1,data:`\u5217\u76EE\u5F55\u5931\u8D25\uFF1A${o instanceof Error?o.message:String(o)}`,error:... L564: \u5185\u5BB9\u7C7B\u578B: ${a}`,m=c.length>0?`
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L548
2Cross-file remote execution chain: dist/index.js spawns dist/hack-FLOLYEQ5.js; helper contains network access plus dynamic code execution. L2: import{a as td}from"./chunk-KMMG6QC6.js";import{a as Oe,b as Yn,c as Sa}from"./chunk-5Z3DMHRQ.js";import{a as ed}from"./chunk-MDFCAIOB.js";import{a as ma,b as ha,c as Ot,d as ga,e ... L3: `)?u.replace(/(\r?\n)/g,s+"$1"+o):u)+s};return rp(i,Cb(e)).p={t,o:n,p:e.p},i.open=o,i.close=s,i},np=new function e(t=globalThis){let n=typeof t=="number"?t:(_=>{let S=_.process??{}... L4: `,"utf8")}async function nd(){let e=this.optsWithGlobals(),t=e.verbose??!1,n,r=[];try{let o=await Ot(e.config);if(n=o.config,o.errors.length>0)for(let s of o.errors)r.push(s.messag... ... L15: `));return}try{let{imported:s,skipped:i}=await zg(n);s.length>0&&console.log(Xe.green(` \u2714 \u5DF2\u5BFC\u5165 ${String(s.length)} \u4E2A skill \u5230 ~/.dskcode/skills`)),i.le... L16: `))}}async function Xg(){let e=tr();if(!Dt(e))return[];let t;try{t=await er(e)}catch{return[]}let n=[];for(let r of t){let o=Je(e,r);Qn(o).isDirectory()&&await nr(o)&&n.push(r)}ret... L17: `)}function $a(e,t=80){if(e===null)return"null";if(e===void 0)return"undefined";if(typeof e=="string")return …
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/index.jsView on unpkg · L2

Findings

1 Critical4 High4 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/index.js
HighChild Processdist/chunk-2R2C3BHJ.js
HighSame File Env Network Executiondist/index.js
HighCommand Output Exfiltrationdist/index.js
HighCross File Remote Execution Contextdist/index.js
MediumDynamic Requiredist/vue-vine-Q32TIQRB.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings