registry  /  mimi-seed  /  0.5.0

mimi-seed@0.5.0

Mimi Seed CLI — Claude Code와 Codex에서 앱 출시 운영을 관리합니다.

Static Scan Results

scanned 7h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 121 KB of source, external domains: 127.0.0.1, api.github.com, gitlab.com, mimi-seed.pryzm.gg, play.google.com

Source & flagged code

2 flagged · loading source
dist/chunk-T757WVSG.jsView file
26try { L27: return JSON.parse(fs.readFileSync(path.join(credDir(home), name), "utf-8")); L28: } catch { ... L54: obtain: [ L55: "https://mimi-seed.pryzm.gg \uC5D0\uC11C \uAC00\uC785/\uB85C\uADF8\uC778\uD558\uBA74 \uB05D \u2014 \uBE0C\uB77C\uC6B0\uC800\uAC00 \uC54C\uC544\uC11C \uD1A0\uD070\uC744 \uB118\uACA8... L56: "CI \uC5D0\uC11C\uB294 MIMI_SEED_TOKEN \uD658\uACBD\uBCC0\uC218\uB85C \uB300\uCCB4\uD560 \uC218 \uC788\uB2E4." ... L59: detect: (home) => { L60: if (process.env.MIMI_SEED_TOKEN) return { present: true, detail: "MIMI_SEED_TOKEN (env)" }; L61: const cfg = readJson(home, "config.json"); ... L278: } L279: function detectAll(home = os.homedir()) { L280: return new Map(CREDENTIALS.map((c) => [c.id, c.detect(home)]));
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/chunk-T757WVSG.jsView on unpkg · L26
matchType = previous_version_dangerous_delta matchedPackage = mimi-seed@0.4.3 matchedIdentity = npm:bWltaS1zZWVk:0.4.3 similarity = 0.667 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/chunk-T757WVSG.jsView on unpkg

Findings

2 High3 Medium4 Low
HighSandbox Evasion Gated Capabilitydist/chunk-T757WVSG.js
HighPrevious Version Dangerous Deltadist/chunk-T757WVSG.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings