registry  /  makecoder  /  4.1.34

makecoder@4.1.34

MakeCoder Coder: AI Agent Runtime OS that runs and orchestrates Claude Code, Codex, Gemini and more across CLI, API, Web and chat

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious payload was found. The unresolved risk is an install hook that performs network package installation and global tool placement as setup behavior.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install, especially when bun is absent or install is global
Impact
Unexpected network execution and PATH/global-bin mutation during install; no confirmed credential theft or destructive action.
Mechanism
postinstall dependency installation and global binary linking
Attack narrative
Install runs scripts/postinstall.js, which checks for bun and may invoke npm to install bun plus a platform package inside the package directory. For global installs it also attempts to place bundled search tools in the global bin directory. Runtime commands can configure Claude Desktop and agent tools, but these paths appear user-invoked and aligned with the advertised agent runtime.
Rationale
Static inspection does not support a malicious verdict: suspicious primitives are mostly package-aligned setup and AI-agent orchestration. The postinstall network install/global-bin mutation is enough to warn because it expands install-time effects beyond ordinary package extraction.
Evidence
package.jsonscripts/postinstall.jsdist/coder.jsdist/codex.mjsdist/gemini/chunk-ZKZMOUOK.jsdist/<platform>/rgdist/<platform>/ugrepdist/<platform>/bfs~/.coder/config.json~/Library/Application Support/Claude-3p/claude_desktop_config.json~/Library/Application Support/Claude-3p/configLibrary/*.json
Network endpoints6
api.makecoder.com/v1cdn.makecoder.com/cdnuploads/claude-app/Claude-darwin-universal-1.12603.1.dmgregistry.npmmirror.com/makecoder/latestskills.sh/api/searchapi.github.com/reposraw.githubusercontent.com

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.js
  • scripts/postinstall.js runs npm install --no-save bun@latest and platform bun package when bun is absent
  • scripts/postinstall.js can rm/symlink/copy bundled rg/ugrep/bfs into global bin for global installs
  • dist/coder.js contains user-invoked Claude Desktop setup that writes gateway/shim config with API key
Evidence against
  • No install-time credential harvesting or exfiltration found in scripts/postinstall.js
  • Main/bin behavior is an AI agent orchestrator matching package description
  • Network hosts are package-aligned update/auth/marketplace/provider endpoints
  • Clipboard crypto hint appears to be false positive from bundled Gemini/highlight/color code, not wallet replacement
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 476 file(s), 13.3 MB of source, external domains: 127.0.0.1, ai.google.dev, aiplatform.googleapis.com, api.github.com, api.makecoder.com, asdf.c, asdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdf.com, base64.guru, bugs.chromium.org, bun.sh, cdn.makecoder.com, chromestatus.com, chromewebstore.google.com, chromium.googlesource.com, chromiumdash.appspot.com, code.claude.com, datatracker.ietf.org, developer.chrome.com, developer.mozilla.org, developers.google.com, docs.expo.dev, docs.stripe.com, dotenvx.com, elevenlabs.io, empty.invalid, example.com, example.net.il, example.org, examples.com, fb.me, fburl.com, fedidcg.github.io, feross.org, ffmpeg.org, geminicli.com, github.com, goo.gle, google.com, html.spec.whatwg.org, huggingface.co, imagemagick.org, jimeng.jianying.com, jimmy.warting.se, jqlang.github.io, json-schema.org, jsonplaceholder.typicode.com, makecoder.com, my.local, nodejs.org, pandoc.org
Oversized source lightweight scan
dist/coder.js2.51 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsCryptoHighEntropyStringsMinifiedUrlStringsapi.github.comapi.makecoder.combun.shcdn.makecoder.comdocs.stripe.comelevenlabs.ioffmpeg.orggithub.comimagemagick.orgjimeng.jianying.comjqlang.github.iomakecoder.compandoc.orgraw.githubusercontent.comregistry.npmmirror.comskills.shstripe.comwww.npmjs.com
dist/darwin-arm64/cc.js15.8 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsNativeBindingsCryptoHighEntropyStringsMinifiedUrlStringsaiplatform.googleapis.comcode.claude.comdocs.expo.devgithub.com
dist/darwin-x64/cc.js15.8 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsNativeBindingsCryptoHighEntropyStringsMinifiedUrlStringsaiplatform.googleapis.comcode.claude.comdocs.expo.devgithub.com
dist/gemini/bundled/chrome-devtools-mcp.mjs11.1 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsShellHighEntropyStringsUrlStringschromewebstore.google.comgithub.comnodejs.org
dist/gemini/bundled/third_party/index.js7.62 MB file, sampled 256 KB
FilesystemNetworkChildProcessCryptoShellHighEntropyStringsUrlStringsbugs.chromium.orgchromestatus.comchromium.googlesource.comchromiumdash.appspot.comdatatracker.ietf.orgdeveloper.chrome.comdeveloper.mozilla.orgdevelopers.google.comfedidcg.github.iogithub.comgoo.glehtml.spec.whatwg.orgprivacycg.github.ioprivacysandbox.comweb.devwicg.github.iowww.chromium.orgwww.ietf.orgwww.rfc-editor.orgxhr.spec.whatwg.org
dist/gemini/chunk-GYTCBA2A.js7.61 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsEvalCryptoHighEntropyStringsMinifiedUrlStringsfeross.orggithub.comhuggingface.cojimmy.warting.sewww.apache.org
dist/gemini/chunk-PE6GLDYB.js7.58 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsEvalCryptoHighEntropyStringsMinifiedUrlStringsfeross.orggithub.comhuggingface.cojimmy.warting.sewww.apache.org
dist/linux-arm64/cc.js15.8 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsNativeBindingsCryptoHighEntropyStringsMinifiedUrlStringsaiplatform.googleapis.comcode.claude.comdocs.expo.devgithub.com
dist/linux-x64/cc.js15.8 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsNativeBindingsCryptoHighEntropyStringsMinifiedUrlStringsaiplatform.googleapis.comcode.claude.comdocs.expo.devgithub.com
dist/win32-x64/cc.js15.8 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsNativeBindingsCryptoHighEntropyStringsMinifiedUrlStringsaiplatform.googleapis.comcode.claude.comdocs.expo.devgithub.com

Source & flagged code

23 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/gemini/tree-sitter-bash-GW2AIDO2.jsView file
2patternName = aws_access_key severity = critical line = 2 matchedText = import{g...lt};
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/gemini/tree-sitter-bash-GW2AIDO2.jsView on unpkg · L2
2patternName = aws_access_key severity = critical line = 2 matchedText = import{g...lt};
Critical
Secret Pattern

AWS access key ID in dist/gemini/tree-sitter-bash-GW2AIDO2.js

dist/gemini/tree-sitter-bash-GW2AIDO2.jsView on unpkg · L2
dist/gemini/gemini-QA25TZIT.jsView file
91L92: Migrate hooks from Claude Code to Gemini CLI format.`),await X()}};var Ai={command:"hooks <command>",aliases:["hook"],describe:"Manage Gemini CLI hooks.",builder:n=>n.middleware(e=... L93: `);if(c>0&&d.length>0){let u=Buffer.allocUnsafe(1),{bytesRead:h}=await s.read(u,0,1,c-1);h===1&&u[0]!==10&&d.shift()}return d.length>0&&d[d.length-1]===""&&d.pop(),d.length===0?"":...
High
Child Process

Package source references child process execution.

dist/gemini/gemini-QA25TZIT.jsView on unpkg · L91
91L92: Migrate hooks from Claude Code to Gemini CLI format.`),await X()}};var Ai={command:"hooks <command>",aliases:["hook"],describe:"Manage Gemini CLI hooks.",builder:n=>n.middleware(e=... L93: `);if(c>0&&d.length>0){let u=Buffer.allocUnsafe(1),{bytesRead:h}=await s.read(u,0,1,c-1);h===1&&u[0]!==10&&d.shift()}return d.length>0&&d[d.length-1]===""&&d.pop(),d.length===0?"":... ... L95: `}finally{await s.close()}}function yd(n){return new Promise((e,t)=>{n.once("error",t),n.once("close",s=>e(s??1))})}async function $p(n,e,t){let s=t?["-f","-n",String(e),n]:["-n",S... L96: `);let r=await $p(e,o,s);await X(r)}catch(r){r instanceof Error&&"code"in r&&r.code==="ENOENT"?s?(g.error('"tail" command not found. Use --lines N to view recent logs without tail.... L97: `))}return{workspacePoliciesDir:o,policyUpdateConfirmationRequest:r}}var En=n=>n.length===1&&n[0]===""?[""]:n.flatMap(e=>e.split(",").map(t=>t.trim()).filter(Boolean));function Hp(...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/gemini/gemini-QA25TZIT.jsView on unpkg · L91
80Run "gemini extensions list" for details.`);return}if(!r.installMetadata){g.log(`Unable to install extension "${n.name}" due to missing install metadata`);return}let a=await Qa(r,s... L81: `))}catch(r){g.error(Q(r))}}var Bc={command:"update [<name>] [--all]",describe:"Updates all extensions or a named extension to the latest version.",builder:n=>n.positional("name",{... L82: `);return}process.stdout.write(bn.default.bold("Discovered Agent Skills:")+` ... L91: L92: Migrate hooks from Claude Code to Gemini CLI format.`),await X()}};var Ai={command:"hooks <command>",aliases:["hook"],describe:"Manage Gemini CLI hooks.",builder:n=>n.middleware(e=... L93: `);if(c>0&&d.length>0){let u=Buffer.allocUnsafe(1),{bytesRead:h}=await s.read(u,0,1,c-1);h===1&&u[0]!==10&&d.shift()}return d.length>0&&d[d.length-1]===""&&d.pop(),d.length===0?"":...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/gemini/gemini-QA25TZIT.jsView on unpkg · L80
6`),r.border&&(o.unshift("."+"-".repeat(this.negatePadding(r)+2)+"."),o.push("'"+"-".repeat(this.negatePadding(r)+2)+"'")),r.padding&&(o.unshift(...new Array(r.padding[Du]||0).fill(... L7: `),o+=n.charAt(r);return t&&s&&(o=`${t}${o}${s}`),o}function qo(n){return Dl(n,{stringWidth:e=>[...e].length,stripAnsi:Wo,wrap:Fl})}import{dirname as Ul,resolve as Gl}from"path";im... L8: `:j=`${T} [${t("command")}] ... L91: L92: Migrate hooks from Claude Code to Gemini CLI format.`),await X()}};var Ai={command:"hooks <command>",aliases:["hook"],describe:"Manage Gemini CLI hooks.",builder:n=>n.middleware(e=... L93: `);if(c>0&&d.length>0){let u=Buffer.allocUnsafe(1),{bytesRead:h}=await s.read(u,0,1,c-1);h===1&&u[0]!==10&&d.shift()}return d.length>0&&d[d.length-1]===""&&d.pop(),d.length===0?"":... ... L159: Content from @${v.uri}: L160: `}),"text"in v?P.push({text:v.text}):P.push({inlineData:{mimeType:v.mimeType??"application/octet-stream",data:v.blob}})}return P}debug(e){this.context.config.getDebugMode()&&g.warn... L161: ${t}
High
Remote Agent Bridge

Source exposes local file and command tools to a remote model endpoint.

dist/gemini/gemini-QA25TZIT.jsView on unpkg · L6
5`):o=r.text.split(` L6: `),r.border&&(o.unshift("."+"-".repeat(this.negatePadding(r)+2)+"."),o.push("'"+"-".repeat(this.negatePadding(r)+2)+"'")),r.padding&&(o.unshift(...new Array(r.padding[Du]||0).fill(... L7: `),o+=n.charAt(r);return t&&s&&(o=`${t}${o}${s}`),o}function qo(n){return Dl(n,{stringWidth:e=>[...e].length,stripAnsi:Wo,wrap:Fl})}import{dirname as Ul,resolve as Gl}from"path";im... L8: `:j=`${T} [${t("command")}] ... L14: # L15: # Installation: {{app_path}} {{completion_command}} >> ~/.bashrc L16: # or {{app_path}} {{completion_command}} >> ~/.bash_profile on OSX. ... L61: ${s("Argument: %s, Given: %s, Choices: %s",w,e.stringifiedValues(f[w]),e.stringifiedValues(h.choices[w]))}`}),e.fail(_)};let a={};r.implies=function(u,h){H("<string|object> [array|... L62: `;h.forEach(x=>{f+=x}),e.fail(f)}};let c={};r.conflicts=function(u,h){H("<string|object> [array|string]",[u,h],arguments.length),typeof u=="object"?Object.keys(u).forEach(f=>{r.con... L63: `),void 0,"versionWarning"),m(this,J,"f").key[e]=!0,t.alias&&this.alias(e,t.alias);let s=t.deprecate||t.deprecated;s&&this.deprecateOption(e,s);let o=t.demand||t.required||t.requir... ... L80: Run "gemini extensions list" fo
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/gemini/gemini-QA25TZIT.jsView on unpkg · L5
dist/gemini/chunk-ZKZMOUOK.jsView file
1const require = (await import('node:module')).createRequire(import.meta.url); const __chunk_filename = (await import('node:url')).fileURLToPath(import.meta.url); const __chunk_dirn... L2: import{b as YA,c as hs}from"./chunk-TU3BMADG.js";import{a as eQ,b as mh}from"./chunk-Y2ZPDBAZ.js";import{$ as qR,D as ib,E as yt,Ea as nQ,F as ch,Fa as rQ,G as In,Ga as iQ,H as Yn,... L3: at`)?" (<anonymous>)":-1<A.stack.indexOf("@")?"@unknown:0:0":""}return` ... L8: Error generating stack: `+A.message+` L9: `+A.stack}}function te(a,c){if(typeof a=="object"&&a!==null){var A=MT.get(a);return A!==void 0?A:(c={value:a,source:c,stack:z(c)},MT.set(a,c),c)}return{value:a,source:c,stack:z(c)}... L10: `+(h.join(" > ")+` ... L12: No matching component was found for: L13: `)+a.join(" > ")}return null},Tt.getPublicRootInstance=function(a){if(a=a.current,!a.child)return null;switch(a.child.tag){case 27:case 5:return TA(a.child.stateNode);default:retur... L14: `)),!/^\s*at /.test(t[0])&&/^\s*at /.test(t[1])&&(t=t.slice(1));let r=!1,i=null,o=[];return t.forEach(s=>{if(s=s.replace(/\\/g,"/"),this._internals.some(u=>u.test(s)))return;let l=... L15: `).join("")}captureString(t,n=this.captureString){typeof t=="
Critical
Clipboard Crypto Hijack

Source reads and rewrites clipboard contents matching cryptocurrency wallet addresses.

dist/gemini/chunk-ZKZMOUOK.jsView on unpkg · L1
113${r.message}`:E,S=[B,t,e].filter(Boolean).join(` L114: `);return I?(r.originalMessage=r.message,r.message=S):r=new Error(S),r.shortMessage=B,r.command=s,r.escapedCommand=l,r.exitCode=o,r.signal=i,r.signalDescription=g,r.stdout=e,r.stde... L115: https://github.com/highlightjs/highlight.js/issues/2277`),X=z,be=te),Z===void 0&&(Z=!0);let V={code:be,language:X};Y("before:highlight",V);let ce=V.result?V.result:m(V.language,V.c...
High
Shell

Package source references shell execution.

dist/gemini/chunk-ZKZMOUOK.jsView on unpkg · L113
dist/zod/v4-mini/index.cjsView file
16Object.defineProperty(exports, "__esModule", { value: true }); L17: __exportStar(require("../v4/mini/index.cjs"), exports);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/zod/v4-mini/index.cjsView on unpkg · L16
scripts/postinstall.jsView file
4const path = require('path'); L5: const { execFileSync } = require('child_process'); L6: ... L15: function isBunAvailable() { L16: const isWindows = process.platform === 'win32'; L17: const binName = isWindows ? 'bun.exe' : 'bun'; ... L29: isWindows ? 'bun/bin/bun.exe' : 'bun/bin/bun', L30: { paths: [path.join(__dirname, '..')] }, L31: ); ... L35: // 3. ~/.bun/bin/bun (curl bun.sh/install fallback location) L36: const home = process.env.HOME || process.env.USERPROFILE || ''; L37: if (home && fs.existsSync(path.join(home, '.bun', 'bin', binName))) {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

scripts/postinstall.jsView on unpkg · L4
dist/linux-arm64/rgView file
path = dist/linux-arm64/rg kind = native_binary sizeBytes = 4543848 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

dist/linux-arm64/rgView on unpkg
dist/coder.jsView file
path = dist/coder.js kind = oversized_source_file sizeBytes = 2628285 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/coder.jsView on unpkg
path = dist/coder.js kind = oversized_cli_entrypoint sizeBytes = 2628285 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/coder.jsView on unpkg
dist/zod/src/v4/mini/tests/string.test.tsView file
289patternName = supabase_service_key severity = critical line = 289 matchedText = "eyJhbGc...w5c"
Critical
Secret Pattern

Supabase service role key (JWT) in dist/zod/src/v4/mini/tests/string.test.ts

dist/zod/src/v4/mini/tests/string.test.tsView on unpkg · L289
292patternName = supabase_service_key severity = critical line = 292 matchedText = "eyJhbGc...w5c"
Critical
Secret Pattern

Supabase service role key (JWT) in dist/zod/src/v4/mini/tests/string.test.ts

dist/zod/src/v4/mini/tests/string.test.tsView on unpkg · L292
dist/zod/src/v4/classic/tests/refine.test.tsView file
66patternName = generic_password severity = medium line = 66 matchedText = password...aa",
Medium
Secret Pattern

Hardcoded password in dist/zod/src/v4/classic/tests/refine.test.ts

dist/zod/src/v4/classic/tests/refine.test.tsView on unpkg · L66
93patternName = generic_password severity = medium line = 93 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in dist/zod/src/v4/classic/tests/refine.test.ts

dist/zod/src/v4/classic/tests/refine.test.tsView on unpkg · L93
103patternName = generic_password severity = medium line = 103 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in dist/zod/src/v4/classic/tests/refine.test.ts

dist/zod/src/v4/classic/tests/refine.test.tsView on unpkg · L103
dist/zod/src/v3/tests/refine.test.tsView file
40patternName = generic_password severity = medium line = 40 matchedText = password...aa",
Medium
Secret Pattern

Hardcoded password in dist/zod/src/v3/tests/refine.test.ts

dist/zod/src/v3/tests/refine.test.tsView on unpkg · L40
74patternName = generic_password severity = medium line = 74 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in dist/zod/src/v3/tests/refine.test.ts

dist/zod/src/v3/tests/refine.test.tsView on unpkg · L74

Findings

5 Critical9 High13 Medium5 Low
CriticalCritical Secretdist/gemini/tree-sitter-bash-GW2AIDO2.js
CriticalClipboard Crypto Hijackdist/gemini/chunk-ZKZMOUOK.js
CriticalSecret Patterndist/zod/src/v4/mini/tests/string.test.ts
CriticalSecret Patterndist/zod/src/v4/mini/tests/string.test.ts
CriticalSecret Patterndist/gemini/tree-sitter-bash-GW2AIDO2.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/gemini/gemini-QA25TZIT.js
HighShelldist/gemini/chunk-ZKZMOUOK.js
HighSame File Env Network Executiondist/gemini/gemini-QA25TZIT.js
HighCommand Output Exfiltrationdist/gemini/gemini-QA25TZIT.js
HighSandbox Evasion Gated Capabilityscripts/postinstall.js
HighRemote Agent Bridgedist/gemini/gemini-QA25TZIT.js
HighObfuscated
HighOversized Source Filedist/coder.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist/zod/v4-mini/index.cjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/gemini/gemini-QA25TZIT.js
MediumShips Native Binarydist/linux-arm64/rg
MediumOversized Cli Entrypointdist/coder.js
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/zod/src/v4/classic/tests/refine.test.ts
MediumSecret Patterndist/zod/src/v4/classic/tests/refine.test.ts
MediumSecret Patterndist/zod/src/v4/classic/tests/refine.test.ts
MediumSecret Patterndist/zod/src/v3/tests/refine.test.ts
MediumSecret Patterndist/zod/src/v3/tests/refine.test.ts
LowScripts Present
LowEval
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings