registry  /  mdblu  /  3.0.0

mdblu@3.0.0

CLI tool to scaffold and manage mdblu markdown templates in any project

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 42.4 KB of source, external domains: cli.github.com, github.com, raw.githubusercontent.com

Source & flagged code

2 flagged · loading source
bin/mdblu.jsView file
9const crypto = require('crypto'); L10: const { spawnSync } = require('child_process'); L11: const os = require('os');
High
Child Process

Package source references child process execution.

bin/mdblu.jsView on unpkg · L9
708if (!rest.length) { L709: process.stderr.write('Usage: mdblu propose <file> [--when <text>]\n'); L710: process.exit(1); ... L714: // Preflight: gh auth L715: const authCheck = spawnSync('gh', ['auth', 'status'], { stdio: 'pipe' }); L716: if (authCheck.status !== 0) { L717: process.stderr.write( L718: 'error: mdblu propose needs the GitHub CLI — install https://cli.github.com then run gh auth login\n' L719: );
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

bin/mdblu.jsView on unpkg · L708

Findings

2 High1 Medium4 Low
HighChild Processbin/mdblu.js
HighCommand Output Exfiltrationbin/mdblu.js
MediumNetwork
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings