registry  /  makecoder  /  4.1.28

makecoder@4.1.28

MakeCoder Coder: AI Agent Runtime OS that runs and orchestrates Claude Code, Codex, Gemini and more across CLI, API, Web and chat

AI Security Review

scanned 5d ago · by lpm-firewall-ai

No confirmed malicious exfiltration or destructive behavior was found. The main residual risk is an install hook that performs unpinned npm installation of bun and may place bundled search-tool binaries on PATH for global installs.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install of makecoder, especially when bun is unavailable or npm_config_global=true
Impact
Unpinned install-time network dependency resolution and PATH mutation create supply-chain risk, but observed behavior is package-aligned.
Mechanism
install-time dependency installation and global binary placement
Attack narrative
At install time, the package checks for bun and may invoke npm to install bun@latest and a platform bun package into its own directory; on global installs it also links bundled search tools into the global bin directory. Runtime code launches AI agents through MakeCoder gateway settings and can modify agent/workspace configuration only through explicit CLI or local server actions.
Rationale
Source inspection does not support the scanner's credential-exfiltration claim, but the lifecycle hook performs networked, unpinned dependency installation and PATH mutation. This warrants warning rather than blocking because the behavior is visible, package-aligned, and not a confirmed malicious payload.
Evidence
package.jsonscripts/postinstall.jsdist/coder.jsdist/zod/v4-mini/index.cjsdist/gemini/tree-sitter-bash-GW2AIDO2.jsdist/<platform>/rgdist/<platform>/ugrepdist/<platform>/bfs~/.coder/config.json~/.agents/skills~/.claude/skills~/.claude/commands~/Library/Application Support/Claude-3p
Network endpoints8
api.makecoder.com/v1cdn.makecoder.com/cdnuploads/claude-app/Claude-darwin-universal-1.12603.1.dmgcdn.makecoder.com/cdnuploads/codex-app/Codex-darwin-arm64-26.609.41114.dmgcdn.makecoder.com/cdnuploads/codex-app/Codex-darwin-x64-26.609.41114.dmgregistry.npmmirror.com/makecoder/latestskills.sh/api/searchapi.github.com/repos/raw.githubusercontent.com/

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.js.
  • scripts/postinstall.js runs npm install --no-save bun@latest plus platform bun package if bun is absent.
  • scripts/postinstall.js can symlink/copy bundled rg/ugrep/bfs into the global bin dir on global installs.
  • dist/coder.js injects MakeCoder runtime prompt/config into launched Claude/Codex/Gemini agent processes.
Evidence against
  • No install-time credential or environment exfiltration found in scripts/postinstall.js.
  • dist/coder.js stores API keys in ~/.coder*/config.json or passes them to MakeCoder gateway endpoints for the advertised agent runtime.
  • Skill, Claude Desktop, workspace, and agent-control writes are tied to explicit CLI/server API actions, not import-time execution.
  • dist/zod/v4-mini/index.cjs is a normal re-export shim; tree-sitter-bash file is embedded WASM data, not a secret.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 477 file(s), 13.8 MB of source, external domains: 127.0.0.1, ai.google.dev, aiplatform.googleapis.com, api.github.com, api.makecoder.com, api.telegram.org, asdf.c, asdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdf.com, base64.guru, bugs.chromium.org, bun.sh, cdn.makecoder.com, chromestatus.com, chromewebstore.google.com, chromium.googlesource.com, chromiumdash.appspot.com, code.claude.com, datatracker.ietf.org, developer.chrome.com, developer.mozilla.org, developers.google.com, docs.expo.dev, docs.stripe.com, dotenvx.com, elevenlabs.io, empty.invalid, example.com, example.net.il, example.org, examples.com, fb.me, fburl.com, fedidcg.github.io, feross.org, ffmpeg.org, flow.makecoder.com, geminicli.com, github.com, goo.gle, google.com, html.spec.whatwg.org, huggingface.co, imagemagick.org, jimeng.jianying.com, jimmy.warting.se, jqlang.github.io, json-schema.org, jsonplaceholder.typicode.com, makecoder.com, mirrors.cloud.tencent.com
Oversized source lightweight scan
dist/darwin-arm64/cc.js15.8 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsNativeBindingsCryptoHighEntropyStringsMinifiedUrlStringsaiplatform.googleapis.comcode.claude.comdocs.expo.devgithub.com
dist/darwin-x64/cc.js15.8 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsNativeBindingsCryptoHighEntropyStringsMinifiedUrlStringsaiplatform.googleapis.comcode.claude.comdocs.expo.devgithub.com
dist/gemini/bundled/chrome-devtools-mcp.mjs11.1 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsShellHighEntropyStringsUrlStringschromewebstore.google.comgithub.comnodejs.org
dist/gemini/bundled/third_party/index.js7.62 MB file, sampled 256 KB
FilesystemNetworkChildProcessCryptoShellHighEntropyStringsUrlStringsbugs.chromium.orgchromestatus.comchromium.googlesource.comchromiumdash.appspot.comdatatracker.ietf.orgdeveloper.chrome.comdeveloper.mozilla.orgdevelopers.google.comfedidcg.github.iogithub.comgoo.glehtml.spec.whatwg.orgprivacycg.github.ioprivacysandbox.comweb.devwicg.github.iowww.chromium.orgwww.ietf.orgwww.rfc-editor.orgxhr.spec.whatwg.org
dist/gemini/chunk-GYTCBA2A.js7.61 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsEvalCryptoHighEntropyStringsMinifiedUrlStringsfeross.orggithub.comhuggingface.cojimmy.warting.sewww.apache.org
dist/gemini/chunk-PE6GLDYB.js7.58 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsEvalCryptoHighEntropyStringsMinifiedUrlStringsfeross.orggithub.comhuggingface.cojimmy.warting.sewww.apache.org
dist/linux-arm64/cc.js15.8 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsNativeBindingsCryptoHighEntropyStringsMinifiedUrlStringsaiplatform.googleapis.comcode.claude.comdocs.expo.devgithub.com
dist/linux-x64/cc.js15.8 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsNativeBindingsCryptoHighEntropyStringsMinifiedUrlStringsaiplatform.googleapis.comcode.claude.comdocs.expo.devgithub.com
dist/win32-x64/cc.js15.8 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsNativeBindingsCryptoHighEntropyStringsMinifiedUrlStringsaiplatform.googleapis.comcode.claude.comdocs.expo.devgithub.com

Source & flagged code

25 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/gemini/tree-sitter-bash-GW2AIDO2.jsView file
2patternName = aws_access_key severity = critical line = 2 matchedText = import{g...lt};
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/gemini/tree-sitter-bash-GW2AIDO2.jsView on unpkg · L2
2patternName = aws_access_key severity = critical line = 2 matchedText = import{g...lt};
Critical
Secret Pattern

AWS access key ID in dist/gemini/tree-sitter-bash-GW2AIDO2.js

dist/gemini/tree-sitter-bash-GW2AIDO2.jsView on unpkg · L2
dist/coder.jsView file
1#!/usr/bin/env node L2: var Lb=Object.create;var gd=Object.defineProperty;var vb=Object.getOwnPropertyDescriptor;var Ub=Object.getOwnPropertyNames;var Db=Object.getPrototypeOf,Ob=Object.prototype.hasOwnPr... L3: `);return}typeof t=="string"?process.stdout.write(t+` ... L7: `),s&&process.stderr.write(`Hint: ${s} L8: `)}};wd.exports={CoderContext:Zi,DEFAULT_BASE_URL:_d}});var ur=S((VP,Ed)=>{var{spawn:jb}=require("child_process"),dr=require("path"),Sd=require("fs"),Yi=class{constructor(t){this.c... L9: `);kd.exports={CODER_RUNTIME_PROMPT:Pb}});var Id=S((ZP,Td)=>{var Mb=require("fs"),{CODER_RUNTIME_PROMPT:ea}=Qi(),Fb=new Set(["agents","auth","auto-mode","config","doctor","install"... ... L12: L13: ${r}`),t}return[...t,"--append-system-prompt",ea]}Td.exports={withRuntimePrompt:Gb}});var Ad=S((YP,xd)=>{var Bb=ur(),{spawn:Wb,execFileSync:Hb}=require("child_process"),co=require(... L14: `))}_getBunPlatformPackage(){let t=process.platform,s=process.arch;return{"darwin-arm64":"@oven-sh/bun-darwin-aarch64","darwin-x64":"@oven-sh/bun-darwin-x64","linux-arm64":"@oven-s... ... L22: baseurl=${s||""} L23: `;return Ae.writeFileSync(`${l}.conf`,d,{mode:384}),process.env.CODER_DEBUG&&(console.lo
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/coder.jsView on unpkg · L1
1#!/usr/bin/env node L2: var Lb=Object.create;var gd=Object.defineProperty;var vb=Object.getOwnPropertyDescriptor;var Ub=Object.getOwnPropertyNames;var Db=Object.getPrototypeOf,Ob=Object.prototype.hasOwnPr... L3: `);return}typeof t=="string"?process.stdout.write(t+` ... L7: `),s&&process.stderr.write(`Hint: ${s} L8: `)}};wd.exports={CoderContext:Zi,DEFAULT_BASE_URL:_d}});var ur=S((VP,Ed)=>{var{spawn:jb}=require("child_process"),dr=require("path"),Sd=require("fs"),Yi=class{constructor(t){this.c... L9: `);kd.exports={CODER_RUNTIME_PROMPT:Pb}});var Id=S((ZP,Td)=>{var Mb=require("fs"),{CODER_RUNTIME_PROMPT:ea}=Qi(),Fb=new Set(["agents","auth","auto-mode","config","doctor","install"...
Critical
Command Output Exfiltration

Source executes local commands and sends command output to an external endpoint.

dist/coder.jsView on unpkg · L1
7`),s&&process.stderr.write(`Hint: ${s} L8: `)}};wd.exports={CoderContext:Zi,DEFAULT_BASE_URL:_d}});var ur=S((VP,Ed)=>{var{spawn:jb}=require("child_process"),dr=require("path"),Sd=require("fs"),Yi=class{constructor(t){this.c... L9: `);kd.exports={CODER_RUNTIME_PROMPT:Pb}});var Id=S((ZP,Td)=>{var Mb=require("fs"),{CODER_RUNTIME_PROMPT:ea}=Qi(),Fb=new Set(["agents","auth","auto-mode","config","doctor","install"...
High
Child Process

Package source references child process execution.

dist/coder.jsView on unpkg · L7
339`),t.push("**Use `--format json` for structured data.**\n"),t.push("The default brief includes the commands needed for the core agent loop. For everything else, run `coder flow --h... L340: `),pI.platform()==="win32"?t.push("On Windows, **always write the comment body to a UTF-8 file with your file-write tool first, then post it with `--content-file <path>`** \u2014 d... L341: `),t.push("The following code repositories are available in this workspace."),t.push("Use `coder flow repo checkout <url>` to check out a repository into your working directory. Ad...
High
Shell

Package source references shell execution.

dist/coder.jsView on unpkg · L339
1#!/usr/bin/env node L2: var Lb=Object.create;var gd=Object.defineProperty;var vb=Object.getOwnPropertyDescriptor;var Ub=Object.getOwnPropertyNames;var Db=Object.getPrototypeOf,Ob=Object.prototype.hasOwnPr... L3: `);return}typeof t=="string"?process.stdout.write(t+` ... L7: `),s&&process.stderr.write(`Hint: ${s} L8: `)}};wd.exports={CoderContext:Zi,DEFAULT_BASE_URL:_d}});var ur=S((VP,Ed)=>{var{spawn:jb}=require("child_process"),dr=require("path"),Sd=require("fs"),Yi=class{constructor(t){this.c... L9: `);kd.exports={CODER_RUNTIME_PROMPT:Pb}});var Id=S((ZP,Td)=>{var Mb=require("fs"),{CODER_RUNTIME_PROMPT:ea}=Qi(),Fb=new Set(["agents","auth","auto-mode","config","doctor","install"...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/coder.jsView on unpkg · L1
1#!/usr/bin/env node L2: var Lb=Object.create;var gd=Object.defineProperty;var vb=Object.getOwnPropertyDescriptor;var Ub=Object.getOwnPropertyNames;var Db=Object.getPrototypeOf,Ob=Object.prototype.hasOwnPr... L3: `);return}typeof t=="string"?process.stdout.write(t+` ... L7: `),s&&process.stderr.write(`Hint: ${s} L8: `)}};wd.exports={CoderContext:Zi,DEFAULT_BASE_URL:_d}});var ur=S((VP,Ed)=>{var{spawn:jb}=require("child_process"),dr=require("path"),Sd=require("fs"),Yi=class{constructor(t){this.c... L9: `);kd.exports={CODER_RUNTIME_PROMPT:Pb}});var Id=S((ZP,Td)=>{var Mb=require("fs"),{CODER_RUNTIME_PROMPT:ea}=Qi(),Fb=new Set(["agents","auth","auto-mode","config","doctor","install"... ... L12: L13: ${r}`),t}return[...t,"--append-system-prompt",ea]}Td.exports={withRuntimePrompt:Gb}});var Ad=S((YP,xd)=>{var Bb=ur(),{spawn:Wb,execFileSync:Hb}=require("child_process"),co=require(... L14: `))}_getBunPlatformPackage(){let t=process.platform,s=process.arch;return{"darwin-arm64":"@oven-sh/bun-darwin-aarch64","darwin-x64":"@oven-sh/bun-darwin-x64","linux-arm64":"@oven-s... ... L22: baseurl=${s||""} L23: `;return Ae.writeFileSync(`${l}.conf`,d,{mode:384}),process.env.CODER_DEBUG&&(console.lo
High
Host Fingerprint Exfiltration

Source collects local host identity data and sends it to an external endpoint.

dist/coder.jsView on unpkg · L1
1#!/usr/bin/env node L2: var Lb=Object.create;var gd=Object.defineProperty;var vb=Object.getOwnPropertyDescriptor;var Ub=Object.getOwnPropertyNames;var Db=Object.getPrototypeOf,Ob=Object.prototype.hasOwnPr... L3: `);return}typeof t=="string"?process.stdout.write(t+` ... L7: `),s&&process.stderr.write(`Hint: ${s} L8: `)}};wd.exports={CoderContext:Zi,DEFAULT_BASE_URL:_d}});var ur=S((VP,Ed)=>{var{spawn:jb}=require("child_process"),dr=require("path"),Sd=require("fs"),Yi=class{constructor(t){this.c... L9: `);kd.exports={CODER_RUNTIME_PROMPT:Pb}});var Id=S((ZP,Td)=>{var Mb=require("fs"),{CODER_RUNTIME_PROMPT:ea}=Qi(),Fb=new Set(["agents","auth","auto-mode","config","doctor","install"... ... L12: L13: ${r}`),t}return[...t,"--append-system-prompt",ea]}Td.exports={withRuntimePrompt:Gb}});var Ad=S((YP,xd)=>{var Bb=ur(),{spawn:Wb,execFileSync:Hb}=require("child_process"),co=require(... L14: `))}_getBunPlatformPackage(){let t=process.platform,s=process.arch;return{"darwin-arm64":"@oven-sh/bun-darwin-aarch64","darwin-x64":"@oven-sh/bun-darwin-x64","linux-arm64":"@oven-s... ... L22: baseurl=${s||""} L23: `;return Ae.writeFileSync(`${l}.conf`,d,{mode:384}),process.env.CODER_DEBUG&&(console.lo
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/coder.jsView on unpkg · L1
1#!/usr/bin/env node L2: var Lb=Object.create;var gd=Object.defineProperty;var vb=Object.getOwnPropertyDescriptor;var Ub=Object.getOwnPropertyNames;var Db=Object.getPrototypeOf,Ob=Object.prototype.hasOwnPr... L3: `);return}typeof t=="string"?process.stdout.write(t+` ... L7: `),s&&process.stderr.write(`Hint: ${s} L8: `)}};wd.exports={CoderContext:Zi,DEFAULT_BASE_URL:_d}});var ur=S((VP,Ed)=>{var{spawn:jb}=require("child_process"),dr=require("path"),Sd=require("fs"),Yi=class{constructor(t){this.c... L9: `);kd.exports={CODER_RUNTIME_PROMPT:Pb}});var Id=S((ZP,Td)=>{var Mb=require("fs"),{CODER_RUNTIME_PROMPT:ea}=Qi(),Fb=new Set(["agents","auth","auto-mode","config","doctor","install"... ... L12: L13: ${r}`),t}return[...t,"--append-system-prompt",ea]}Td.exports={withRuntimePrompt:Gb}});var Ad=S((YP,xd)=>{var Bb=ur(),{spawn:Wb,execFileSync:Hb}=require("child_process"),co=require(... L14: `))}_getBunPlatformPackage(){let t=process.platform,s=process.arch;return{"darwin-arm64":"@oven-sh/bun-darwin-aarch64","darwin-x64":"@oven-sh/bun-darwin-x64","linux-arm64":"@oven-s... ... L22: baseurl=${s||""} L23: `;return Ae.writeFileSync(`${l}.conf`,d,{mode:384}),process.env.CODER_DEBUG&&(console.lo
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/coder.jsView on unpkg · L1
28patternName = generic_password severity = medium line = 28 matchedText = `)}}nu.e...in(`
Medium
Secret Pattern

Hardcoded password in dist/coder.js

dist/coder.jsView on unpkg · L28
1#!/usr/bin/env node L2: var Lb=Object.create;var gd=Object.defineProperty;var vb=Object.getOwnPropertyDescriptor;var Ub=Object.getOwnPropertyNames;var Db=Object.getPrototypeOf,Ob=Object.prototype.hasOwnPr... L3: `);return}typeof t=="string"?process.stdout.write(t+` ... L7: `),s&&process.stderr.write(`Hint: ${s} L8: `)}};wd.exports={CoderContext:Zi,DEFAULT_BASE_URL:_d}});var ur=S((VP,Ed)=>{var{spawn:jb}=require("child_process"),dr=require("path"),Sd=require("fs"),Yi=class{constructor(t){this.c... L9: `);kd.exports={CODER_RUNTIME_PROMPT:Pb}});var Id=S((ZP,Td)=>{var Mb=require("fs"),{CODER_RUNTIME_PROMPT:ea}=Qi(),Fb=new Set(["agents","auth","auto-mode","config","doctor","install"... ... L12: L13: ${r}`),t}return[...t,"--append-system-prompt",ea]}Td.exports={withRuntimePrompt:Gb}});var Ad=S((YP,xd)=>{var Bb=ur(),{spawn:Wb,execFileSync:Hb}=require("child_process"),co=require(... L14: `))}_getBunPlatformPackage(){let t=process.platform,s=process.arch;return{"darwin-arm64":"@oven-sh/bun-darwin-aarch64","darwin-x64":"@oven-sh/bun-darwin-x64","linux-arm64":"@oven-s... ... L22: baseurl=${s||""} L23: `;return Ae.writeFileSync(`${l}.conf`,d,{mode:384}),process.env.CODER_DEBUG&&(console.lo
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/coder.jsView on unpkg · L1
dist/zod/v4-mini/index.cjsView file
16Object.defineProperty(exports, "__esModule", { value: true }); L17: __exportStar(require("../v4/mini/index.cjs"), exports);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/zod/v4-mini/index.cjsView on unpkg · L16
dist/linux-arm64/rgView file
path = dist/linux-arm64/rg kind = native_binary sizeBytes = 4543848 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

dist/linux-arm64/rgView on unpkg
dist/gemini/chunk-GYTCBA2A.jsView file
path = dist/gemini/chunk-GYTCBA2A.js kind = oversized_source_file sizeBytes = 7983738 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/gemini/chunk-GYTCBA2A.jsView on unpkg
dist/gemini/bundled/chrome-devtools-mcp.mjsView file
path = dist/gemini/bundled/chrome-devtools-mcp.mjs kind = oversized_cli_entrypoint sizeBytes = 11625049 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/gemini/bundled/chrome-devtools-mcp.mjsView on unpkg
dist/zod/src/v4/mini/tests/string.test.tsView file
289patternName = supabase_service_key severity = critical line = 289 matchedText = "eyJhbGc...w5c"
Critical
Secret Pattern

Supabase service role key (JWT) in dist/zod/src/v4/mini/tests/string.test.ts

dist/zod/src/v4/mini/tests/string.test.tsView on unpkg · L289
292patternName = supabase_service_key severity = critical line = 292 matchedText = "eyJhbGc...w5c"
Critical
Secret Pattern

Supabase service role key (JWT) in dist/zod/src/v4/mini/tests/string.test.ts

dist/zod/src/v4/mini/tests/string.test.tsView on unpkg · L292
dist/zod/src/v4/classic/tests/refine.test.tsView file
66patternName = generic_password severity = medium line = 66 matchedText = password...aa",
Medium
Secret Pattern

Hardcoded password in dist/zod/src/v4/classic/tests/refine.test.ts

dist/zod/src/v4/classic/tests/refine.test.tsView on unpkg · L66
93patternName = generic_password severity = medium line = 93 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in dist/zod/src/v4/classic/tests/refine.test.ts

dist/zod/src/v4/classic/tests/refine.test.tsView on unpkg · L93
103patternName = generic_password severity = medium line = 103 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in dist/zod/src/v4/classic/tests/refine.test.ts

dist/zod/src/v4/classic/tests/refine.test.tsView on unpkg · L103
dist/zod/src/v3/tests/refine.test.tsView file
40patternName = generic_password severity = medium line = 40 matchedText = password...aa",
Medium
Secret Pattern

Hardcoded password in dist/zod/src/v3/tests/refine.test.ts

dist/zod/src/v3/tests/refine.test.tsView on unpkg · L40
74patternName = generic_password severity = medium line = 74 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in dist/zod/src/v3/tests/refine.test.ts

dist/zod/src/v3/tests/refine.test.tsView on unpkg · L74

Findings

6 Critical8 High14 Medium6 Low
CriticalCritical Secretdist/gemini/tree-sitter-bash-GW2AIDO2.js
CriticalCredential Exfiltrationdist/coder.js
CriticalCommand Output Exfiltrationdist/coder.js
CriticalSecret Patterndist/zod/src/v4/mini/tests/string.test.ts
CriticalSecret Patterndist/zod/src/v4/mini/tests/string.test.ts
CriticalSecret Patterndist/gemini/tree-sitter-bash-GW2AIDO2.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/coder.js
HighShelldist/coder.js
HighSame File Env Network Executiondist/coder.js
HighHost Fingerprint Exfiltrationdist/coder.js
HighSandbox Evasion Gated Capabilitydist/coder.js
HighObfuscated
HighOversized Source Filedist/gemini/chunk-GYTCBA2A.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist/zod/v4-mini/index.cjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/coder.js
MediumShips Native Binarydist/linux-arm64/rg
MediumOversized Cli Entrypointdist/gemini/bundled/chrome-devtools-mcp.mjs
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/zod/src/v4/classic/tests/refine.test.ts
MediumSecret Patterndist/zod/src/v4/classic/tests/refine.test.ts
MediumSecret Patterndist/zod/src/v4/classic/tests/refine.test.ts
MediumSecret Patterndist/zod/src/v3/tests/refine.test.ts
MediumSecret Patterndist/zod/src/v3/tests/refine.test.ts
MediumSecret Patterndist/coder.js
LowScripts Present
LowEval
LowWeak Cryptodist/coder.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings