registry  /  greprag  /  5.54.0

greprag@5.54.0

⚠ Under review

GrepRAG — agent memory for Claude Code, Codex, and OpenCode.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 16 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 123 file(s), 1.44 MB of source, external domains: 127.0.0.1, api.greprag.com, code.claude.com, docs.claude.com, docs.stripe.com, registry.npmjs.org

Source & flagged code

6 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/opencode-plugin.bundle.jsView file
36// src/proc.ts L37: var import_child_process = require("child_process"); L38: function safeExecSync(command, options) {
High
Child Process

Package source references child process execution.

dist/opencode-plugin.bundle.jsView on unpkg · L36
dist/commands/codex.jsView file
54const codex_wake_test_1 = require("./codex-wake-test"); L55: const API_URL_DEFAULT = 'https://api.greprag.com'; L56: const HEARTBEAT_IDLE_MS = 70_000; L57: function home() { L58: return process.env.HOME || process.env.USERPROFILE || os.homedir(); L59: } ... L106: .filter(Boolean) L107: .map(line => JSON.parse(line)) L108: .filter(row => typeof row.id === 'string'); ... L180: } L181: return saw ? { event, id, data: data.join('\n') } : null; L182: }
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/commands/codex.jsView on unpkg · L54
dist/commands/docptr.jsView file
53const fs = __importStar(require("node:fs")); L54: const node_child_process_1 = require("node:child_process"); L55: const project_anchor_1 = require("../project-anchor"); ... L58: return { L59: apiUrl: process.env.GREPRAG_API_URL || 'https://api.greprag.com', L60: apiKey: process.env.GREPRAG_API_KEY || '',
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/commands/docptr.jsView on unpkg · L53
scripts/postinstall.jsView file
1Install-time AI-agent control hijack evidence: L24: name: 'Claude Code', L25: agentDir: path.join(home, '.claude'), L26: skillsTarget: path.join(home, '.claude', 'skills'), L27: docsTarget: path.join(home, '.claude', 'docs'), L28: refreshClaudeDocs: true, ... L31: name: 'Codex', L32: agentDir: path.join(home, '.codex'), L33: skillsTarget: path.join(home, '.codex', 'skills'), L34: docsTarget: path.join(home, '.codex', 'docs'), L35: refreshClaudeDocs: false, ... L39: function copyDir(src, dest) { L40: fs.mkdirSync(dest, { recursive: true }); Payload evidence from skill/content-advisor/SKILL.md: L1: --- L2: name: content-advisor
Critical
Ai Agent Control Hijack

Install-time source drops package-supplied AI-agent/MCP control files or instructions.

scripts/postinstall.jsView on unpkg · L1

Findings

1 Critical4 High6 Medium5 Low
CriticalAi Agent Control Hijackscripts/postinstall.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/opencode-plugin.bundle.js
HighShell
HighSame File Env Network Executiondist/commands/docptr.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/commands/codex.js
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings