
mycelium-mind@0.2.0

Mycelium Mind is a fully offline, schema-driven, multi-vault compiler pipeline and wiki engine built on top of **Obsidian** and **MkDocs**, powered by local LLMs via an OpenAI-compatible API.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; previous stored version diff introduced dangerous source.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: NoLicense
scanned 28 file(s), 227 KB of source, external domains: cdnjs.cloudflare.com

Source & flagged code

3 flagged
package.json
scripts.postinstall = node scripts/setup.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

build/utils/overview-runner.js
import * as fs from 'fs';
import * as path from 'path';
Medium
Unsafe Vm Context

Package source executes code through a VM context API.

build/utils/overview-runner.js · L1
build/commands/rag.js
matchType = previous_version_dangerous_delta
matchedPackage = mycelium-mind@0.1.1
matchedIdentity = npm:bXljZWxpdW0tbWluZA:0.1.1
similarity = 0.542
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.


Findings

2 High · 4 Medium · 6 Low
High · Install Time Lifecycle Scripts · package.json
High · Previous Version Dangerous Delta · build/commands/rag.js
Medium · Unsafe Vm Context · build/utils/overview-runner.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · No License