registry  /  fullstackgtm  /  0.52.3

fullstackgtm@0.52.3

Open-source agentic GTM ops framework: canonical GTM data model, pluggable deterministic audits, reviewable dry-run patch plans, approval-gated write-back with conflict detection, and cross-system entity resolution. HubSpot, Salesforce, and Stripe connect

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 206 file(s), 3.03 MB of source, external domains: api.anthropic.com, api.apollo.io, api.ashbyhq.com, api.clay.com, api.explorium.ai, api.heyreach.io, api.hubapi.com, api.lever.co, api.openai.com, api.pipe0.com, api.stripe.com, api.theirstack.com, app.fullstackgtm.com, app.hubspot.com, boards-api.greenhouse.io, example.com, github.com, gtm.example.com, gtm.yourco.com, login.salesforce.com, openrouter.ai, schemas.xmlsoap.org, serpapi.com, www.apple.com, www.google.com, yourco.my.salesforce.com, yourorg.my.salesforce.com

Source & flagged code

4 flagged · loading source
dist/config.jsView file
80: specifier; L81: const rulePackage = await import(__rewriteRelativeImportExtension(resolvedSpecifier)); L82: const imported = rulePackage.rules ?? rulePackage.default?.rules;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/config.jsView on unpkg · L80
dist/cli/schedule.jsView file
6import { createFileEnrichRunStore } from "../enrich.js"; L7: import { computeMissedFirings, createFileScheduleRunStore, createFileScheduleStore, installLaunchdAgents, isDuplicateCronFiring, nextCronFiring, parseCron, renderManagedBlock, repl... L8: import { runCli } from "../cli.js"; ... L59: L60: run executes the command in-process and records the outcome (exit code, L61: output tail, artifacts: plan ids / enrich run labels) under the profile's ... L183: const { installed } = installLaunchdAgents(profile, enabled, scheduleCliArgv(), io, { L184: environment: process.env.FSGTM_HOME ? { FSGTM_HOME: process.env.FSGTM_HOME } : undefined, L185: logDir, ... L194: if (subcommand === "uninstall") { L195: io.write(replaceManagedBlock(existing, profile, null)); L196: console.log(`Removed the fullstackgtm managed crontab block for profile "${profile}" (lines outside the sentinels untouched).`);
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/cli/schedule.jsView on unpkg · L6
dist/cli/auth.jsView file
31* minted live-CRM tokens, so it must be TLS unless it's an explicit localhost L32: * dev target. Refuse http:// (and non-http schemes) otherwise — single-quote L33: * shell escaping does nothing for a token sent in cleartext. ... L57: // and refuse one they didn't initiate. L58: const requesterLabel = `${os.hostname()} (${process.platform}, ${os.userInfo().username})`; L59: let startResponse; ... L63: headers: { "Content-Type": "application/json" }, L64: body: JSON.stringify({ requesterLabel }), L65: }); ... L73: } L74: const start = await startResponse.json(); L75: // Only auto-open a verification URL that belongs to the --via origin the user
High
Host Fingerprint Exfiltration

Source collects local host identity data and sends it to an external endpoint.

dist/cli/auth.jsView on unpkg · L31
31* minted live-CRM tokens, so it must be TLS unless it's an explicit localhost L32: * dev target. Refuse http:// (and non-http schemes) otherwise — single-quote L33: * shell escaping does nothing for a token sent in cleartext. ... L57: // and refuse one they didn't initiate. L58: const requesterLabel = `${os.hostname()} (${process.platform}, ${os.userInfo().username})`; L59: let startResponse; ... L63: headers: { "Content-Type": "application/json" }, L64: body: JSON.stringify({ requesterLabel }), L65: }); ... L73: } L74: const start = await startResponse.json(); L75: // Only auto-open a verification URL that belongs to the --via origin the user
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/cli/auth.jsView on unpkg · L31

Findings

2 High5 Medium5 Low
HighHost Fingerprint Exfiltrationdist/cli/auth.js
HighSandbox Evasion Gated Capabilitydist/cli/auth.js
MediumDynamic Requiredist/config.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/cli/schedule.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings