registry  /  gitdone-agent  /  0.6.12

gitdone-agent@0.6.12

Local git agent for gitdone — watches a local repo and sends snapshots to gitdone.eu

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 70.6 KB of source, external domains: api.anthropic.com, gitdone.eu

Source & flagged code

1 flagged · loading source
index.jsView file
11L12: import { execSync, execFileSync, spawn } from 'node:child_process' L13: import { ... L27: // Reported to the server on every sync so the web UI can flag outdated agents. L28: // Keep in lockstep with packages/agent/package.json "version" AND L29: // src/lib/agentVersion.ts LATEST_AGENT_VERSION. ... L31: L32: const AGENT_DIR = join(homedir(), '.gitdone-agent') L33: const CONFIG_PATH = join(AGENT_DIR, 'config.json') ... L47: function readConfig() { L48: try { return JSON.parse(readFileSync(CONFIG_PATH, 'utf8')) } catch { return null } L49: }
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

index.jsView on unpkg · L11

Findings

1 High3 Medium4 Low
HighSandbox Evasion Gated Capabilityindex.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings