registry  /  shark-ai  /  0.4.31

shark-ai@0.4.31

Shark AI: AI-Native Collaborative Development Tool powered by StackSpot AI and BMAD Method

Static Scan Results

scanned 7d ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 11 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 276 KB of source, external domains: cdn.tailwindcss.com, fonts.googleapis.com, genai-inference-app.stackspot.com, idm.stackspot.com, json-schema.org, primeradiant.com, unpkg.com

Source & flagged code

3 flagged · loading source
skills/brainstorming/scripts/server.cjsView file
1const crypto = require('crypto'); L2: const http = require('http'); L3: const fs = require('fs'); ... L12: function computeAcceptKey(clientKey) { L13: return crypto.createHash('sha1').update(clientKey + WS_MAGIC).digest('base64'); L14: } ... L84: L85: const PORT_FILE = process.env.BRAINSTORM_PORT_FILE || null; L86: const randomPort = () => 49152 + Math.floor(Math.random() * 16383); ... L195: try { sessionStorage.setItem('brainstorm-session-key', ${jsonKey}); } catch (e) {} L196: location.replace('/'); L197: </script>
Low
Weak Crypto

Package source references weak cryptographic algorithms.

skills/brainstorming/scripts/server.cjsView on unpkg · L1
skills/systematic-debugging/find-polluter.shView file
path = skills/systematic-debugging/find-polluter.sh kind = build_helper sizeBytes = 1528 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skills/systematic-debugging/find-polluter.shView on unpkg
dist/bin/shark.jsView file
matchType = previous_version_dangerous_delta matchedPackage = shark-ai@0.4.29 matchedIdentity = npm:c2hhcmstYWk:0.4.29 similarity = 0.900 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/bin/shark.jsView on unpkg

Findings

1 High4 Medium6 Low
HighPrevious Version Dangerous Deltadist/bin/shark.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperskills/systematic-debugging/find-polluter.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptoskills/brainstorming/scripts/server.cjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings