registry  /  klaudius  /  0.17.3

klaudius@0.17.3

⚠ Under review

Scaffold and maintain a Klaudius project — an autonomous web agency pipeline that runs on Claude Code (find, build, deploy, outreach end-to-end).

Static Scan Results

scanned 4d ago · by rust-scanner

Static analysis flagged 12 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
NoLicense
scanned 5 file(s), 155 KB of source, external domains: account.microsoft.com, accounts.zoho.com, api.cloudflare.com, api.netlify.com, api.supabase.com, api.telegram.org, api.twilio.com, api.vercel.com, app.fastmail.com, app.netlify.com, console.cloud.google.com, console.twilio.com, dash.cloudflare.com, en.wikipedia.org, klaudius.dev, myaccount.google.com, nodejs.org, places.googleapis.com, registry.npmjs.org, supabase.com, vercel.com, www.python.org, xxxx.supabase.co

Source & flagged code

4 flagged · loading source
dist/bin.jsView file
matchType = previous_version_dangerous_delta matchedPackage = klaudius@0.17.2 matchedIdentity = npm:a2xhdWRpdXM:0.17.2 similarity = 0.800 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/bin.jsView on unpkg
1#!/usr/bin/env node L2: import{a as Q,b as Ke,c as He,d as P,f as Fe,g as Ve}from"./chunk-SZ4KCTSL.js";import{a as ce,b as Ge,c as Be,d as de,e as Ye,i as We}from"./chunk-ZTT5HVYU.js";import{Command as hs... L3: `));let n=[];n.push(Bt());let s=await Z();n.push(Yt(s)),n.push(await Wt(s.command)),n.push(await zt()),n.push(await qt());for(let i of n){let a=i.status==="ok"?_.green("\u2713"):_....
High
Child Process

Package source references child process execution.

dist/bin.jsView on unpkg · L1
1#!/usr/bin/env node L2: import{a as Q,b as Ke,c as He,d as P,f as Fe,g as Ve}from"./chunk-SZ4KCTSL.js";import{a as ce,b as Ge,c as Be,d as de,e as Ye,i as We}from"./chunk-ZTT5HVYU.js";import{Command as hs... L3: `));let n=[];n.push(Bt());let s=await Z();n.push(Yt(s)),n.push(await Wt(s.command)),n.push(await zt()),n.push(await qt());for(let i of n){let a=i.status==="ok"?_.green("\u2713"):_....
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/bin.jsView on unpkg · L1
1#!/usr/bin/env node L2: import{a as Q,b as Ke,c as He,d as P,f as Fe,g as Ve}from"./chunk-SZ4KCTSL.js";import{a as ce,b as Ge,c as Be,d as de,e as Ye,i as We}from"./chunk-ZTT5HVYU.js";import{Command as hs... L3: `));let n=[];n.push(Bt());let s=await Z();n.push(Yt(s)),n.push(await Wt(s.command)),n.push(await zt()),n.push(await qt());for(let i of n){let a=i.status==="ok"?_.green("\u2713"):_.... ... L13: `}function tn(e){return e.length>=2&&e.startsWith('"')&&e.endsWith('"')?e.slice(1,-1).replace(/\\\\/g,"\\").replace(/\\"/g,'"').replace(/\\\$/g,"$").replace(/\\`/g,"`"):e.length>=2... L14: `)){let t=s.trim();if(!t||t.startsWith("#"))continue;let i=t.indexOf("=");if(i===-1)continue;let a=t.slice(0,i).trim(),l=tn(t.slice(i+1).trim());n[a]=l}return n}function tt(e){let ... L15: `+B.bold(B.cyan(e))),detail:e=>console.log(B.dim(" "+e))};var ln="https://registry.npmjs.org/klaudius/latest";async function cn(e=1500){let n=new AbortController,s=setTimeout(()=...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/bin.jsView on unpkg · L1

Findings

1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/bin.js
HighChild Processdist/bin.js
HighSame File Env Network Executiondist/bin.js
HighCommand Output Exfiltrationdist/bin.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowNo License