registry  /  kaijibot  /  2026.7.1-4

kaijibot@2026.7.1-4

⚠ Under review

Proactive cognitive AI assistant — learns your interests, pushes insights, evolves skills autonomously

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis flagged 26 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
WildcardDependency
scanned 2,548 file(s), 21.7 MB of source, external domains: 127.0.0.1, 169.254.169.254, accounts.google.com, accounts.openai.com, ai-gateway.vercel.sh, ai.azure.com, aiplatform.googleapis.com, aistudio.google.com, angular.io, api.ant-ling.com, api.anthropic.com, api.arcee.ai, api.cerebras.ai, api.chutes.ai, api.cloudflare.com, api.copilot.example, api.deepinfra.com, api.deepseek.com, api.dev.runwayml.com, api.exa.ai, api.example.com, api.fireworks.ai, api.github.com, api.gradium.ai, api.groq.com, api.individual.githubcopilot.com, api.kilo.ai, api.kimi.com, api.minimax.io, api.minimaxi.com, api.mistral.ai, api.moonshot.ai, api.moonshot.cn, api.openai.com, api.perplexity.ai, api.push.apple.com, api.sandbox.push.apple.com, api.stepfun.ai, api.stepfun.com, api.tavily.com, api.together.ai, api.together.xyz, api.venice.ai, api.voyageai.com, api.x.ai, api.xiaomimimo.com, api.z.ai, ark.ap-southeast.bytepluses.com, ark.cn-beijing.volces.com, auth.openai.com
Oversized source lightweight scan
dist/extensions/diffs/assets/viewer-runtime.js9.41 MB file, sampled 256 KB
HighEntropyStrings

Source & flagged code

14 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall-bundled-plugins.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
kaijibot.mjsView file
74try { L75: const mod = await import(specifier); L76: if (typeof mod.installProcessWarningFilter === "function") {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

kaijibot.mjsView on unpkg · L74
dist/tui-DEYkfyQl.jsView file
725contains invisible/control Unicode U+2067 (right-to-left isolate) const RTL_ISOLATE_START = "<U+2067>";
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/tui-DEYkfyQl.jsView on unpkg · L725
skills/video-frames/scripts/frame.shView file
path = skills/video-frames/scripts/frame.sh kind = build_helper sizeBytes = 1347 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skills/video-frames/scripts/frame.shView on unpkg
dist/extensions/diffs/assets/viewer-runtime.jsView file
path = [redacted]-runtime.js kind = oversized_source_file sizeBytes = 9867326 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/extensions/diffs/assets/viewer-runtime.jsView on unpkg
docs/install/macos-vm.mdView file
219patternName = generic_password severity = medium line = 219 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in docs/install/macos-vm.md

docs/install/macos-vm.mdView on unpkg · L219
docs/help/faq.mdView file
2691patternName = generic_password severity = medium line = 2691 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in docs/help/faq.md

docs/help/faq.mdView on unpkg · L2691
docs/gateway/tailscale.mdView file
90patternName = generic_password severity = medium line = 90 matchedText = auth: { ..." },
Medium
Secret Pattern

Hardcoded password in docs/gateway/tailscale.md

docs/gateway/tailscale.mdView on unpkg · L90
docs/gateway/configuration-reference.mdView file
714patternName = generic_password severity = medium line = 714 matchedText = password...D}",
Medium
Secret Pattern

Hardcoded password in docs/gateway/configuration-reference.md

docs/gateway/configuration-reference.mdView on unpkg · L714
2843patternName = generic_password severity = medium line = 2843 matchedText = // passw...WORD
Medium
Secret Pattern

Hardcoded password in docs/gateway/configuration-reference.md

docs/gateway/configuration-reference.mdView on unpkg · L2843
2870patternName = generic_password severity = medium line = 2870 matchedText = // passw...rd",
Medium
Secret Pattern

Hardcoded password in docs/gateway/configuration-reference.md

docs/gateway/configuration-reference.mdView on unpkg · L2870
docs/channels/bluebubbles.mdView file
44patternName = generic_password severity = medium line = 44 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in docs/channels/bluebubbles.md

docs/channels/bluebubbles.mdView on unpkg · L44
docs/channels/matrix.mdView file
140patternName = generic_password severity = medium line = 140 matchedText = password...cret
Medium
Secret Pattern

Hardcoded password in docs/channels/matrix.md

docs/channels/matrix.mdView on unpkg · L140
docs/channels/irc.mdView file
203patternName = generic_password severity = medium line = 203 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in docs/channels/irc.md

docs/channels/irc.mdView on unpkg · L203

Findings

1 Critical2 High16 Medium7 Low
CriticalTrojan Source Unicodedist/tui-DEYkfyQl.js
HighInstall Time Lifecycle Scriptspackage.json
HighOversized Source Filedist/extensions/diffs/assets/viewer-runtime.js
MediumDynamic Requirekaijibot.mjs
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Build Helperskills/video-frames/scripts/frame.sh
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
MediumSecret Patterndocs/install/macos-vm.md
MediumSecret Patterndocs/help/faq.md
MediumSecret Patterndocs/gateway/tailscale.md
MediumSecret Patterndocs/gateway/configuration-reference.md
MediumSecret Patterndocs/gateway/configuration-reference.md
MediumSecret Patterndocs/gateway/configuration-reference.md
MediumSecret Patterndocs/channels/bluebubbles.md
MediumSecret Patterndocs/channels/matrix.md
MediumSecret Patterndocs/channels/irc.md
LowNon Install Lifecycle Scripts
LowScripts Present
LowEval
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings