phewsh@0.15.68

⚠ Under review

Turn intent into action. Structure your thinking, execute your next step.

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 16 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version introduced dangerous source.

Decision evidence

Public snapshot

Behavioral surface
Source: Child Process, Crypto, Environment Vars, Filesystem, Network, Shell
Supply chain: High Entropy Strings, Obfuscated, Url Strings
Manifest: No manifest risk signals triggered.

Scanned 91 file(s), 751 KB of source. External domains: 127.0.0.1, api.anthropic.com, api.deepseek.com, api.github.com, api.groq.com, api.mistral.ai, api.openai.com, api.together.xyz, claude.ai, console.anthropic.com, cursor.com, developer.mozilla.org, docs.anthropic.com, fpnpfnahwaztdlxuayyv.supabase.co, github.com, news.ycombinator.com, openrouter.ai, phewsh.com, registry.npmjs.org, sustainableaiprotocol.com, www.phewsh.com, youtube.com

Source & flagged code

7 flagged

lib/harnesses.js · L11
  L11:
  L12: const { execSync, spawn } = require('child_process');
  L13:

High · Child Process

Package source references child process execution.
lib/sequencer/ranker.js · L1
  L1: // Rank memory chunks by recency, impact, source authority, and deduplication.
  L2: // Weight = recency * impact * sourceAuthority * dedupPenalty

Low · Weak Crypto

Package source references weak cryptographic algorithms.
lib/shims.js · L18
  L18: const os = require('os');
  L19: const { execFileSync } = require('child_process');
  L20:
  L21: const PHEWSH_DIR = path.join(os.homedir(), '.phewsh');
  L22: const SHIM_DIR = path.join(PHEWSH_DIR, 'shims');
  ...
  L34: try {
  L35:   const cleanPath = (process.env.PATH || '')
  L36:     .split(path.delimiter)
  ...
  L38:     .join(path.delimiter);
  L39:   const cmd = process.platform === 'win32' ? `where ${bin}` : `command -v ${bin}`;
  L40:   const out = execFileSync('sh', ['-c', cmd], {
  ...
  L52: function shimScript(bin, realPath) {

Medium · Install Persistence

Source writes installer persistence such as shell profile or service configuration.
commands/mcp.js · L153
  L153: try {
  L154:   const res = await fetch(`http://127.0.0.1:${port}/health`, {
  L155:     signal: AbortSignal.timeout(800),
  ...
  L166: ensureDirs();
  L167: const child = spawn(process.execPath, [MCP_SERVER_PATH], {
  L168:   stdio: 'inherit',
  L169:   env: { ...process.env },
  L170: });

High · Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.
commands/mbhd.js · L1
  L1: const { execFileSync } = require('child_process');
  L2:
  L3: const WEB_URL = 'https://phewsh.com/mbhd';
  L4:
  ...
  L8: // execFileSync (no shell) — argument-safe even though the URL is constant.
  L9: if (process.platform === 'darwin') {
  L10:   execFileSync('open', [WEB_URL]);

High · Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
commands/session.js · L2600
  L2600: const { execSync } = require('child_process');
  L2601: execSync(`npm install -g ${pkg.name}@latest`, { stdio: 'inherit' });
  L2602: console.log(`\n ${teal('●')} ${sage('Updated to')} ${cream(data.version)}`);

High · Runtime Package Install

Package source invokes a package manager install command at runtime.
commands/task.js
  matchType = previous_version_dangerous_delta
  matchedPackage = phewsh@0.15.67
  matchedIdentity = npm:cGhld3No:0.15.67
  similarity = 0.978
  summary = stored previous version shares package body but lacks this dangerous source file

Critical · Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

Findings

1 Critical · 5 High · 4 Medium · 6 Low

Critical · Previous Version Dangerous Delta · commands/task.js
High · Child Process · lib/harnesses.js
High · Shell
High · Same File Env Network Execution · commands/mcp.js
High · Sandbox Evasion Gated Capability · commands/mbhd.js
High · Runtime Package Install · commands/session.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · lib/shims.js
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Weak Crypto · lib/sequencer/ranker.js
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Url Strings