registry  /  modelstat  /  0.26.1

modelstat@0.26.1

⚠ Under review

modelstat daemon — reads local AI-tool usage and ships tokenised events to modelstat.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 18 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 1.63 MB of source, external domains: 127.0.0.1, api.openai.com, deb.nodesource.com, dotenvx.com, fetch.spec.whatwg.org, github.com, llm.acme.internal, mimesniff.spec.whatwg.org, modelstat.ai, nodejs.org, webidl.spec.whatwg.org, www.apple.com, www.ietf.org

Source & flagged code

10 flagged · loading source
package.jsonView file
scripts.postinstall = node ./scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/cli.mjsView file
4if (__msMaj < 20 || (__msMaj === 20 && __msMin < 18)) { L5: process.stderr.write(`modelstat requires Node \u2265 20.18 (you have ${process.version}).\n`); L6: process.stderr.write('Install Node 20+: https://nodejs.org\n'); L7: process.stderr.write('Debian/Ubuntu: curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && sudo apt-get install -y nodejs\n'); ... L204: if (decision.type === "commit") { L205: const body2 = await res.json().catch(() => ({})); L206: return { kind: "commit", response: body2 }; ... L377: * @type {-2|-1|0|1} L378: * @private L379: */ ... L1915: } L1916: var setupConnectTimeout = process.platform === "win32" ? (socketWeakRef, opts) => {
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/cli.mjsView on unpkg · L4
4Trigger-reachable chain: manifest.main -> dist/cli.mjs L4: if (__msMaj < 20 || (__msMaj === 20 && __msMin < 18)) { L5: process.stderr.write(`modelstat requires Node \u2265 20.18 (you have ${process.version}).\n`); L6: process.stderr.write('Install Node 20+: https://nodejs.org\n'); L7: process.stderr.write('Debian/Ubuntu: curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && sudo apt-get install -y nodejs\n'); ... L204: if (decision.type === "commit") { L205: const body2 = await res.json().catch(() => ({})); L206: return { kind: "commit", response: body2 }; ... L377: * @type {-2|-1|0|1} L378: * @private L379: */ ... L1915: } L1916: var setupConnectTimeout = process.platform === "win32" ? (socketWeakRef, opts) => {
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/cli.mjsView on unpkg · L4
25874// src/machine-key.ts L25875: import { spawnSync } from "child_process"; L25876: import { createHash } from "crypto";
High
Child Process

Package source references child process execution.

dist/cli.mjsView on unpkg · L25874
1228"use strict"; L1229: var assert = __require("assert"); L1230: var { kDestroyed, kBodyUsed, kListeners, kBody } = require_symbols();
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/cli.mjsView on unpkg · L1228
4if (__msMaj < 20 || (__msMaj === 20 && __msMin < 18)) { L5: process.stderr.write(`modelstat requires Node \u2265 20.18 (you have ${process.version}).\n`); L6: process.stderr.write('Install Node 20+: https://nodejs.org\n'); L7: process.stderr.write('Debian/Ubuntu: curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && sudo apt-get install -y nodejs\n'); ... L204: if (decision.type === "commit") { L205: const body2 = await res.json().catch(() => ({})); L206: return { kind: "commit", response: body2 }; ... L377: * @type {-2|-1|0|1} L378: * @private L379: */ ... L1915: } L1916: var setupConnectTimeout = process.platform === "win32" ? (socketWeakRef, opts) => {
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/cli.mjsView on unpkg · L4
4if (__msMaj < 20 || (__msMaj === 20 && __msMin < 18)) { L5: process.stderr.write(`modelstat requires Node \u2265 20.18 (you have ${process.version}).\n`); L6: process.stderr.write('Install Node 20+: https://nodejs.org\n'); L7: process.stderr.write('Debian/Ubuntu: curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && sudo apt-get install -y nodejs\n'); ... L204: if (decision.type === "commit") { L205: const body2 = await res.json().catch(() => ({})); L206: return { kind: "commit", response: body2 }; ... L377: * @type {-2|-1|0|1} L378: * @private L379: */ ... L1915: } L1916: var setupConnectTimeout = process.platform === "win32" ? (socketWeakRef, opts) => {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/cli.mjsView on unpkg · L4
scripts/postinstall.mjsView file
25Cross-file remote execution chain: scripts/postinstall.mjs spawns dist/cli.mjs; helper contains network access plus dynamic code execution. L25: * installs on a multi-GB pull). L26: * - stdout isn't a TTY AND CI isn't set (likely a scripted L27: * install that doesn't want long-running side-effects). ... L57: const valid = (v) => (v === "local" || v === "cloud" || v === "self-hosted" ? v : null); L58: const env = valid((process.env.MODELSTAT_SUMMARIZER_MODE ?? "").trim().toLowerCase()); L59: if (env) return env; L60: try { L61: const home = process.env.MODELSTAT_HOME?.trim() || join(homedir(), ".modelstat"); L62: const state = JSON.parse(readFileSync(join(home, "state.json"), "utf8")); L63: return valid(String(state?.summarizerMode ?? "").trim().toLowerCase()) ?? "cloud"; ... L123: const sk[redacted] = L124: process.env.CI === "true" ||
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

scripts/postinstall.mjsView on unpkg · L25
vendor/tray-mac/build-app.shView file
path = vendor/tray-mac/build-app.sh kind = build_helper sizeBytes = 3148 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

vendor/tray-mac/build-app.shView on unpkg

Findings

2 Critical4 High7 Medium5 Low
CriticalCredential Exfiltrationdist/cli.mjs
CriticalTrigger Reachable Dangerous Capabilitydist/cli.mjs
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/cli.mjs
HighShell
HighCross File Remote Execution Contextscripts/postinstall.mjs
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist/cli.mjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/cli.mjs
MediumShips Build Helpervendor/tray-mac/build-app.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/cli.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings