instar@1.3.728

⚠ Under review

Coherence infrastructure for self-evolving AI agents — on the Claude Code or Codex subscription you already have.

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 21 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence (public snapshot)

Behavioral surface
Source: Child Process, Crypto, Dynamic Require, Environment Vars, Filesystem, Network, Shell, WebSocket
Supply chain: High Entropy Strings, Obfuscated, Url Strings
Manifest: No manifest risk signals triggered.
scanned 1,528 file(s), 19.5 MB of source, external domains: 127.0.0.1, abc123.trycloudflare.com, api.anthropic.com, api.cloudflare.com, api.github.com, api.groq.com, api.mail.tm, api.openai.com, api.slack.com, api.telegra.ph, api.telegram.org, blob.vercel-storage.com, bot-me.ai, brew.sh, cli.github.com, console.cloud.google.com, dawn.bot-me.ai, docs.anthropic.com, en.wikipedia.org, feedback.dawn-tunnel.dev, files.slack.com, git-scm.com, github.com, graph.facebook.com, instar-telemetry.sagemind-ai.workers.dev, instar.sh, myapp.vercel.app, nodejs.org, platform.claude.com, raw.githubusercontent.com, sagemindai.io, sentry.io, slack.com, staging.myapp.com, telegra.ph, threadline-relay.fly.dev, web.telegram.org, www.apple.com, www.npmjs.com

Source & flagged code

12 flagged

package.json
scripts.postinstall = node scripts/fix-better-sqlite3.cjs
High · Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.

skills/credential-leak-detector/SKILL.md · L27
patternName = aws_access_key severity = critical line = 27 matchedText = | AWS ac...F` |
Critical · Critical Secret
Package contains a critical-looking secret pattern.

skills/credential-leak-detector/SKILL.md · L27
patternName = aws_access_key severity = critical line = 27 matchedText = | AWS ac...F` |
Critical · Secret Pattern
AWS access key ID in skills/credential-leak-detector/SKILL.md

skills/credential-leak-detector/SKILL.md · L28
patternName = github_pat severity = critical line = 28 matchedText = | GitHub...x` |
Critical · Secret Pattern
GitHub personal access token in skills/credential-leak-detector/SKILL.md

skills/credential-leak-detector/SKILL.md · L31
patternName = private_key_rsa severity = critical line = 31 matchedText = | PEM pr...-` |
Critical · Secret Pattern
RSA private key in skills/credential-leak-detector/SKILL.md

dist/threadline/PipeSessionSpawner.js · L15
L15: */
L16: import { execSync } from 'node:child_process';
L17: import fs from 'node:fs';
High · Child Process
Package source references child process execution.

dist/threadline/PipeSessionSpawner.js · L281
L281: // Spawn tmux session
L282: execSync(`tmux new-session -d -s "${sessionName}" -x 200 -y 50 'bash -c "${shellCmd.replace(/"/g, '\\"')}"'`, { timeout: 10_000 });
L283: // Wait for session to be created
High · Shell
Package source references shell execution.

dist/memory/SemanticMemory.js · L428
L428: // better-sqlite3 loads its native binding at module-load time, so a
L429: // NODE_MODULE_VERSION mismatch throws inside `await import(...)`. The
L430: // healer rebuilds better-sqlite3 synchronously and retries once. See PROP-399.
Medium · Dynamic Require
Package source references dynamic require/import behavior.

skills/spec-converge/scripts/publish-spec-review.mjs · L20
L20: * --spec docs/specs/FOO-SPEC.md \
L21: * --pr https://github.com/JKHeadley/instar/pull/670 \
L22: * --topic 12476 [--send]
...
L30: import path from 'node:path';
L31: import { spawnSync } from 'node:child_process';
L32: import { checkEli16Overview } from '../../../scripts/eli16-overview-check.mjs';
L33:
L34: export const API_PORT = Number(process.env.INSTAR_PORT) || 4042;
L35:
High · Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/core/upgradeAnnouncement.js · L19
L19: contains invisible/control Unicode U+FEFF (zero width no-break space)
const FRONTMATTER_RE = /^<U+FEFF>?---\r?\n([\s\S]*?)\r?\n---\r?\n?([\s\S]*)$/;
Critical · Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

.claude/hooks/free-text-guard.sh
path = .claude/hooks/free-text-guard.sh kind = payload_in_excluded_dir sizeBytes = 3888 magicHex = [redacted]
High · Payload In Excluded Dir
Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

.claude/hooks/free-text-guard.sh
path = .claude/hooks/free-text-guard.sh kind = build_helper sizeBytes = 3888 magicHex = [redacted]
Medium · Ships Build Helper
Package ships non-JavaScript build or shell helper files.

Findings

5 Critical · 5 High · 5 Medium · 6 Low

Severity · Finding · File
Critical · Critical Secret · skills/credential-leak-detector/SKILL.md
Critical · Trojan Source Unicode · dist/core/upgradeAnnouncement.js
Critical · Secret Pattern · skills/credential-leak-detector/SKILL.md
Critical · Secret Pattern · skills/credential-leak-detector/SKILL.md
Critical · Secret Pattern · skills/credential-leak-detector/SKILL.md
High · Install Time Lifecycle Scripts · package.json
High · Child Process · dist/threadline/PipeSessionSpawner.js
High · Shell · dist/threadline/PipeSessionSpawner.js
High · Same File Env Network Execution · skills/spec-converge/scripts/publish-spec-review.mjs
High · Payload In Excluded Dir · .claude/hooks/free-text-guard.sh
Medium · Dynamic Require · dist/memory/SemanticMemory.js
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · .claude/hooks/free-text-guard.sh
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Url Strings