
sootsim@0.1.190

⚠ Under review

sootsim CLI + vite/metro plugins + skills registry. Bridge client for driving the proprietary sootsim-engine over WebSocket.

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 25 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence (public snapshot)

Behavioral surface
Source: Child Process, Crypto, Dynamic Require, Environment Vars, Eval, Filesystem, Network, Shell, WebSocket
Supply chain: High Entropy Strings, Minified, Obfuscated, Url Strings
Manifest: No manifest risk signals triggered.
scanned 186 file(s), 3.27 MB of source, external domains: 10.0.0.5, 127.0.0.1, app.uniswap.org, example.com, js.stripe.com, registry.npmjs.org, soot.local, sootbean.com, sootsim.com, sootsim.local, us.i.posthog.com, www.apple.com

Source & flagged code

15 flagged
package.json
scripts.postinstall = node ./scripts/postinstall.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node ./scripts/postinstall.cjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.json
dist-lib/host/bridge-host.cjs
L72: module.exports = __toCommonJS(bridge_host_exports);
L73: var import_child_process4 = require("child_process");
L74: var import_fs4 = __toESM(require("fs"), 1);
High
Child Process

Package source references child process execution.

dist-lib/host/bridge-host.cjs · L72
dist-lib/skills.cjs
L374: coverage: 0.95,
L375: note: "string read/write via real navigator.clipboard, image read/write via real ClipboardItem on browsers that expose it (Chromium-based, plus Safari 13.4+). getImageAsync returns...
L376: working: "getStringAsync / setStringAsync / setString / hasStringAsync via navigator.clipboard, getImageAsync returning { data: base64, size: { width, height } } via Clipboard.read...
L377: missing: "external-app clipboard-change events (no browser API), Firefox image read (no Clipboard.read support \u2014 falls back to null/false), text-format edge cases like RTF/HTM...
...
L850: note: "real SQLite via lazy-loaded bedrock-sqlite (~1MB WASM) \u2014 full SQL support including joins, transactions, prepared statements, RETURNING. WASM ships in the runtime tarba...
L851: working: "openDatabaseAsync / openDatabaseSync (real bedrock instance), execAsync / execSync, prepareAsync / prepareSync, runAsync / runSync, getFirstAsync / getFirstSync, getAllAs...
L852: missing: "serializeAsync (bedrock does not expose sqlite3_serialize through its module surface), backupDatabaseAsync, addDatabaseChangeListener (no sqlite3_update_hook bindings), c...
...
L913: coverage: 0.85,
L914: no
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist-lib/skills.cjs · L374
Critical
Global Object Hijack Exfiltration

Source reassigns a global/builtin to a Proxy that forwards intercepted runtime data to an external endpoint.

dist-lib/skills.cjs · L374
Trigger-reachable chain: manifest.exports -> dist-lib/skills.cjs
L374–L852: same excerpt as shown for the Credential Exfiltration finding above (truncated).
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist-lib/skills.cjs · L374
L16431: return vm.runInContext(
L16432:   `(function(){ with(__maestroScope){ return eval(\`${escaped}\`) } })()`,
L16433:   this.context
High
Eval

Package source references dynamic code evaluation.

dist-lib/skills.cjs · L16431
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist-lib/skills.cjs · L374
Medium
Unsafe Vm Context

Package source executes code through a VM context API.

dist-lib/skills.cjs · L374
dist-lib/agent-identity.cjs
L1: /*! sootsim v0.1.190 | (c) 2026 Tamagui LLC | Proprietary — see LICENSE */
L2: let __sootsim_import_meta_url = ''; try { __sootsim_import_meta_url = require('url').pathToFileURL(__filename).href; } catch {}
L3: "use strict";
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist-lib/agent-identity.cjs · L1
dist-cli/chunks/chunk-INRO26KS.js
L1: /*! sootsim v0.1.190 | (c) 2026 Tamagui LLC | Proprietary — see LICENSE */
L2: import{a as R,b as U}from"./chunk-KLGX6B46.js";import{c as F}from"./chunk-F6GCSGBJ.js";import{g as N,j as E,r as _,s as v,t as B}from"./chunk-MH6BMKK5.js";import{a as O}from"./chun...
L3: the daemon will still run, but Login Items may show a generic name.`)}return{bundlePath:n,launcherPath:o}}function Z(){return`<?xml version="1.0" encoding="UTF-8"?>
...
L22: </plist>
L23: `}function tt(t,e,r){let o=[t.executable,...t.prefixArgs,"serve","--quiet","--port",String(e)].map(et).join(" ");return`#!/bin/sh
L24: # SootSim Daemon launcher \u2014 auto-generated by 'sootsim setup'.
...
L27: #
L28: # stdout: ${r.stdout}
L29: # stderr: ${r.stderr}
L30: exec ${o}
L31: `}function et(t){return`'${t.replace(/'/g,"'\\''")}'`}var K=60,y="dev.sootsim.daemon",m="sootsim-daemon",g=f(P(),"Library/Logs/sootsim"),b=f(P(),".local/state/sootsim");async funct...
L32: <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist-cli/chunks/chunk-INRO26KS.js · L1
dist-lib/agent-daemon-client.cjs
L41: module.exports = __toCommonJS(agent_daemon_client_exports);
L42: var import_node_child_process = require("node:child_process");
L43: var import_node_net = __toESM(require("node:net"), 1);
L44: var import_ws = require("ws");
...
L53: function isSootsimDevCheckout() {
L54:   if (process.env.SOOTSIM_FORCE_DAEMON_INSTALL === "1") return false;
L55:   const env = process.env.SOOTSIM_DEV;
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist-lib/agent-daemon-client.cjs · L41
dist-cli/chunks/chunk-IOJDFCGV.js
L1: /*! sootsim v0.1.190 | (c) 2026 Tamagui LLC | Proprietary — see LICENSE */
L2: import{a as x}from"./chunk-SMDCNCVZ.js";import{a as k}from"./chunk-TBFBGSRV.js";import{spawn as v,spawnSync as u}from"child_process";import{chmodSync as S,copyFileSync as T,createW...
L3: `),t=e[e.length-1].split(" ").pop()?.trim();if(!t||!w(t))throw new Error(`could not determine dmg mount point (output: ${o.stdout})`);let a=f(t,"sootsim.app");if(!w(a))throw u("hdi...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist-cli/chunks/chunk-IOJDFCGV.js · L1
dist-cli/chunks/login-O6XRDK26.js
L1: /*! sootsim v0.1.190 | (c) 2026 Tamagui LLC | Proprietary — see LICENSE */
L2: import{b as g,d as m}from"./chunk-K5GLQDTG.js";import"./chunk-MH6BMKK5.js";import"./chunk-YWQH2KQJ.js";import{exec as O}from"node:child_process";import{randomBytes as S}from"node:c...
L3: sootsim login \u2014 sign in so uploads can attach to your account
...
L13: -h, --help
L14: `)}function R(r,e){let t=r.findIndex(i=>i===e);if(t<0)return;let c=r[t+1];return r.splice(t,2),c}function T(r){let e=process.platform==="darwin"?`open "${r}"`:process.platform==="w...
L15: ${r}
...
L23: </body>
L24: </html>`}async function P(r){try{let e=await fetch(`${r.replace(/\/$/,"")}/api/dev-login`,{method:"POST"});if(e.status===403)return{ok:!1,error:"dev-login disabled (not in dev mode...
L25: ${n.toString()}
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist-cli/chunks/login-O6XRDK26.js · L1
detox/run-test.ts
L1: #!/usr/bin/env npx tsx
L2: // run an external detox test against sootsim
...
L8:
L9: import { execSync } from 'child_process'
L10: import * as fs from 'fs'
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

detox/run-test.ts · L1

Findings

3 Critical · 9 High · 7 Medium · 6 Low

Critical · Credential Exfiltration · dist-lib/skills.cjs
Critical · Global Object Hijack Exfiltration · dist-lib/skills.cjs
Critical · Trigger Reachable Dangerous Capability · dist-lib/skills.cjs
High · Install Time Lifecycle Scripts · package.json
High · Child Process · dist-lib/host/bridge-host.cjs
High · Shell
High · Eval · dist-lib/skills.cjs
High · Same File Env Network Execution · dist-lib/agent-daemon-client.cjs
High · Command Output Exfiltration · dist-cli/chunks/chunk-IOJDFCGV.js
High · Sandbox Evasion Gated Capability · dist-cli/chunks/login-O6XRDK26.js
High · Obfuscated Payload Loader · dist-lib/skills.cjs
High · Runtime Package Install · detox/run-test.ts
Medium · Ambiguous Install Lifecycle Script · package.json
Medium · Dynamic Require · dist-lib/agent-identity.cjs
Medium · Unsafe Vm Context · dist-lib/skills.cjs
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · dist-cli/chunks/chunk-INRO26KS.js
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Url Strings