registry  /  runline  /  0.12.0

runline@0.12.0

Code mode for agents — turn any API or command into a callable action

Static Scan Results

scanned 12d ago · by rust-scanner

Static analysis flagged 15 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 282 file(s), 2.51 MB of source, external domains: 127.0.0.1, accounts.google.com, actionnetwork.org, adb-12345.azuredatabricks.net, adc.example.com, api-b2b.backenster.com, api-eu.customer.io, api-eu.dhl.com, api-free.deepl.com, api-m.paypal.com, api-m.sandbox.paypal.com, api-ssl.bitly.com, api.adalo.com, api.affinity.co, api.airtable.com, api.airtop.ai, api.apitemplate.io, api.bamboohr.com, api.bannerbear.com, api.baserow.io, api.bitwarden.com, api.box.com, api.brandfetch.io, api.brevo.com, api.clickup.com, api.clockify.me, api.cloudflare.com, api.coingecko.com, api.convertkit.com, api.copper.com, api.currents.dev, api.customer.io, api.deepl.com, api.dropboxapi.com, api.dropcontact.io, api.egoiapp.com, api.getgo.com, api.getresponse.com, api.getvero.com, api.github.com, api.gong.io, api.harvestapp.com, api.helpscout.net, api.hubapi.com, api.humantic.ai, api.hunter.io, api.infusionsoft.com, api.intercom.io, api.iterable.com, api.lemlist.com

Source & flagged code

5 flagged · loading source
dist/core/oauth.jsView file
24*/ L25: import { spawn } from "node:child_process"; L26: import { createHash, randomBytes } from "node:crypto";
High
Child Process

Package source references child process execution.

dist/core/oauth.jsView on unpkg · L24
24*/ L25: import { spawn } from "node:child_process"; L26: import { createHash, randomBytes } from "node:crypto"; L27: import { createServer, } from "node:http"; L28: /** ... L36: export const OAUTH_CALLBACK_PORT = (() => { L37: const raw = process.env.RUNLINE_OAUTH_CALLBACK_PORT; L38: if (raw) {
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/core/oauth.jsView on unpkg · L24
dist/plugins/steel/src/browser.jsView file
169} L170: const fn = new Function("page", "browser", "context", "session", `return (async () => {\n${script}\n})();`); L171: const result = await fn(page, browser, context, session);
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/plugins/steel/src/browser.jsView on unpkg · L169
dist/plugin/loader.jsView file
50// to the plugin file. L51: const mod = (await jiti.import(absPath)); L52: const pluginId = absPath.replace(/.*\//, "").replace(/\.(ts|js)$/, "");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/plugin/loader.jsView on unpkg · L50
dist/plugin/installer.jsView file
106const spec = parsed.ref ? `${parsed.name}@${parsed.ref}` : parsed.name; L107: execSync(`npm install ${spec}`, { cwd: npmDir, stdio: "pipe" }); L108: installPath = join(npmDir, "node_modules", parsed.name);
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/plugin/installer.jsView on unpkg · L106

Findings

4 High4 Medium7 Low
HighChild Processdist/core/oauth.js
HighShell
HighSame File Env Network Executiondist/core/oauth.js
HighRuntime Package Installdist/plugin/installer.js
MediumDynamic Requiredist/plugin/loader.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/plugins/steel/src/browser.js
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings