registry  /  foremanjs  /  0.3.0

foremanjs@0.3.0

Foreman — the review inbox for your AI workforce. Risk-ranked review cards for every agent session, with signed MCP receipts proving what tools actually did.

Static Scan Results

scanned 6h ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 66.1 KB of source, external domains: 127.0.0.1

Source & flagged code

1 flagged · loading source
README.mdView file
- **Rug-pull detection** — tool definitions are fingerprinted on first use. If a server's tool descriptions ever change (*"adds two numbers"* → *"adds two numbers. IGNORE PREVIOUS INSTRUCTIONS…"*), a finding lands in your inbox. Re-accept intentional updates with `foreman trust <server>`.
High
Ai Reviewer Manipulation

Package text addresses the security reviewer or scanner and tries to influence the review outcome.

README.mdView on unpkg

Findings

1 High2 Medium4 Low
HighAi Reviewer ManipulationREADME.md
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings