registry  /  metago-lifeform  /  36.7.11

metago-lifeform@36.7.11

让智能,学会进化。从 Agent 到生命体的范式跃迁 — 37 技能 · 8 公理 · 7 属性 · 6 协议 · 决策锁治理 · 元进化能力 · 全链路溯源。支持 Trae/Claude Code/Codex/Cursor/CodeBuddy/Qoder/ZCode 7 大 AI 编程平台。跨平台 CLI(Windows PowerShell + macOS/Linux Bash)。内置 MCP Server(35 tools + 8 prompts)即开即用。MIT 开源。

Static Scan Results

scanned 23h ago · by rust-scanner

Static analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessFilesystem
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 5.38 KB of source, external domains: gitee.com, github.com, metago-d6gfw1e4rf2a5bcad-1257074864.tcloudbaseapp.com

Source & flagged code

2 flagged · loading source
scripts/cli.jsView file
12L13: const { execSync } = require('child_process'); L14: const path = require('path'); ... L16: L17: const PKG_ROOT = path.resolve(__dirname, '..'); L18: const SCRIPTS_DIR = path.join(PKG_ROOT, 'scripts'); L19: const PLATFORMS = ['trae', 'claude-code', 'codex', 'cursor', 'codebuddy', 'qoder', 'zcode']; L20: // 从 package.json 动态读取版本号,避免硬编码不同步(与 logger.ts 同模式) L21: const VERSION = require('../package.json').version; ... L74: function runInstall(extraArgs) { L75: if (process.platform === 'win32') { L76: runPowerShell('install.ps1', extraArgs);
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

scripts/cli.jsView on unpkg · L12
scripts/uninstall.ps1View file
path = scripts/uninstall.ps1 kind = build_helper sizeBytes = 18544 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/uninstall.ps1View on unpkg

Findings

1 High2 Medium3 Low
HighSandbox Evasion Gated Capabilityscripts/cli.js
MediumShips Build Helperscripts/uninstall.ps1
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowUrl Strings