registry  /  greprag  /  5.50.0

greprag@5.50.0

⚠ Under review

GrepRAG — agent memory for Claude Code, Codex, and OpenCode.

Static Scan Results

scanned 8d ago · by rust-scanner

Static analysis flagged 13 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 112 file(s), 1.32 MB of source, external domains: 127.0.0.1, api.greprag.com, code.claude.com, docs.claude.com, docs.stripe.com, registry.npmjs.org

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/commands/codex.jsView file
51const codex_wake_test_1 = require("./codex-wake-test"); L52: const API_URL_DEFAULT = 'https://api.greprag.com'; L53: const HEARTBEAT_IDLE_MS = 70_000; L54: function home() { L55: return process.env.HOME || process.env.USERPROFILE || os.homedir(); L56: } ... L103: .filter(Boolean) L104: .map(line => JSON.parse(line)) L105: .filter(row => typeof row.id === 'string'); ... L171: } L172: return saw ? { event, id, data: data.join('\n') } : null; L173: }
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/commands/codex.jsView on unpkg · L51
scripts/postinstall.jsView file
1Install-time AI-agent control hijack evidence: L24: name: 'Claude Code', L25: agentDir: path.join(home, '.claude'), L26: skillsTarget: path.join(home, '.claude', 'skills'), L27: docsTarget: path.join(home, '.claude', 'docs'), L28: refreshClaudeDocs: true, ... L31: name: 'Codex', L32: agentDir: path.join(home, '.codex'), L33: skillsTarget: path.join(home, '.codex', 'skills'), L34: docsTarget: path.join(home, '.codex', 'docs'), L35: refreshClaudeDocs: false, ... L39: function copyDir(src, dest) { L40: fs.mkdirSync(dest, { recursive: true }); Payload evidence from skill/content-advisor/SKILL.md: L1: --- L2: name: content-advisor
Critical
Ai Agent Control Hijack

Install-time source drops package-supplied AI-agent/MCP control files or instructions.

scripts/postinstall.jsView on unpkg · L1

Findings

1 Critical1 High6 Medium5 Low
CriticalAi Agent Control Hijackscripts/postinstall.js
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/commands/codex.js
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings