registry  /  mop-agent  /  1.0.4

mop-agent@1.0.4

Self-hosted AI assistant with persistent memory, agent runtime, scheduler, and multi-channel support. Installed with npx mop-agent.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 18 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 848 file(s), 4.29 MB of source, external domains: 127.0.0.1, 9router.com, abc-tunnel.us, accounts.google.com, agent.api5.cursor.sh, agentn.api5.cursor.sh, ai-gateway.vercel.sh, ai.google.dev, aiplatform.googleapis.com, aistudio.google.com, antigravity.google, api-dashboard.search.brave.com, api-inference.huggingface.co, api.anthropic.com, api.assemblyai.com, api.bfl.ai, api.blackbox.ai, api.botframework.com, api.cartesia.ai, api.cerebras.ai, api.cline.bot, api.cloudflare.com, api.cohere.ai, api.commandcode.ai, api.deepgram.com, api.deepseek.com, api.deno.com, api.dev.runwayml.com, api.elevenlabs.io, api.exa.ai, api.example.com, api.firecrawl.dev, api.fireworks.ai, api.github.com, api.githubcopilot.com, api.groq.com, api.hyperbolic.xyz, api.inworld.ai, api.jina.ai, api.kilo.ai, api.kimi.com, api.linkup.so, api.minimax.io, api.minimaxi.com, api.mistral.ai, api.moonshot.cn, api.nanobananaapi.ai, api.openai.com, api.perplexity.ai, api.play.ht

Source & flagged code

10 flagged · loading source
src/app/api/profile/password/route.jsView file
43patternName = generic_password severity = medium line = 43 matchedText = console....or);
Medium
Secret Pattern

Package contains a possible secret pattern.

src/app/api/profile/password/route.jsView on unpkg · L43
bin/mop-detect-run.mjsView file
13L14: import { spawnSync } from 'node:child_process'; L15: import { fileURLToPath } from 'node:url';
High
Child Process

Package source references child process execution.

bin/mop-detect-run.mjsView on unpkg · L13
42* Returns the npx command appropriate for the current OS. L43: * No cmd.exe wrapper needed on any platform. L44: */
High
Shell

Package source references shell execution.

bin/mop-detect-run.mjsView on unpkg · L42
scripts/injectDisplayToRegistry.mjsView file
22// eslint-disable-next-line no-new-func L23: const getDisplay = new Function("RISK_NOTICE", `${displayBody}; return PROVIDER_DISPLAY;`); L24: const DISPLAY = getDisplay(RISK_NOTICE);
Low
Eval

Package source references a known benign dynamic code generation pattern.

scripts/injectDisplayToRegistry.mjsView on unpkg · L22
open-sse/shared/qoder/cosy.jsView file
43L44: function aesEncryptCbcBase64(plaintext, keyStr) { L45: const keyBytes = Buffer.from(keyStr, "utf8"); ... L113: * @param {string} [creds.machineId] Persisted machine UUID. L114: * @returns {Record<string, string>} Header map ready to merge onto fetch(). L115: */
Low
Weak Crypto

Package source references weak cryptographic algorithms.

open-sse/shared/qoder/cosy.jsView on unpkg · L43
installer/mop-agent.mjsView file
14*/ L15: import { spawnSync } from "node:child_process"; L16: import { randomBytes } from "node:crypto"; ... L18: import { createInterface } from "node:readline/promises"; L19: import { stdin as input, stdout as output } from "node:process"; L20: import { dirname, resolve, join } from "node:path"; ... L47: const DRY = !!args["dry-run"]; L48: const randomToken = (n) => randomBytes(n).toString("base64url").slice(0, n); L49: const randomHex = (n) => randomBytes(n).toString("hex").slice(0, n); ... L180: console.log(c("green", `\n✓ Setup complete. Start now: `) + c("bold", `node scripts/serve.mjs start`)); L181: console.log(c("gray", ` Open http://localhost:${port} — for HTTPS, put IIS/Caddy/nginx in front as a reverse proxy.\n`)); L182: return;
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

installer/mop-agent.mjsView on unpkg · L14
cli/cli.jsView file
737console.log(`🔔 9Router is running in tray (PID: ${process.pid})`); L738: console.log(` Server: http://${displayHost}:${port}`); L739: console.log(`\n💡 You can close this terminal. Right-click tray icon to quit.\n`); ... L747: L748: const bgProcess = spawn(process.execPath, [__filename, "--tray", "--skip-update", "-p", port.toString()], { L749: detached: true, ... L751: windowsHide: true, L752: env: { ...process.env } L753: });
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

cli/cli.jsView on unpkg · L737
src/lib/updater/updater.jsView file
1// Standalone detached updater process. L2: // Spawns `npm i -g <pkg>@latest`, exposes progress via tiny HTTP server. L3: // Survives after parent Next server exits (detached + unref by spawner). L4: L5: const { spawn } = require("child_process"); L6: const http = require("http");
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/lib/updater/updater.jsView on unpkg · L1
src/app/favicon.icoView file
path = src/app/favicon.ico kind = high_entropy_blob sizeBytes = 55053 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

src/app/favicon.icoView on unpkg
package.jsonView file
Runtime dependency names matching Node built-ins: fs
High
Node Builtin Dependency Squat

Package declares a runtime dependency whose name matches a Node built-in module.

package.jsonView on unpkg

Findings

6 High5 Medium7 Low
HighChild Processbin/mop-detect-run.mjs
HighShellbin/mop-detect-run.mjs
HighSame File Env Network Executioncli/cli.js
HighRuntime Package Installsrc/lib/updater/updater.js
HighShips High Entropy Blobsrc/app/favicon.ico
HighNode Builtin Dependency Squatpackage.json
MediumSecret Patternsrc/app/api/profile/password/route.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistenceinstaller/mop-agent.mjs
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalscripts/injectDisplayToRegistry.mjs
LowWeak Cryptoopen-sse/shared/qoder/cosy.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License