registry  /  total-recall-brain  /  3.14.5

total-recall-brain@3.14.5

⚠ Under review

Personal AI system — database-free, SSSS-powered intelligence engine deployable to any POSIX host.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 23 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
GitDependency
scanned 196 file(s), 2.54 MB of source, external domains: 127.0.0.1, ai.google.dev, aistudio.google.com, api-dashboard.search.brave.com, api.anthropic.com, api.digitalocean.com, api.duckduckgo.com, api.exa.ai, api.github.com, api.hetzner.cloud, api.linode.com, api.openai.com, api.search.brave.com, api.tavily.com, api.vultr.com, app.example.com, arxiv.org, brave.com, caddyserver.com, cloud.digitalocean.com, code.claude.com, console.anthropic.com, console.hetzner.cloud, console.vast.ai, console.x.ai, core.telegram.org, cursor.com, deb.nodesource.com, developers.cloudflare.com, developers.openai.com, dl.cloudsmith.io, docs.anthropic.com, docs.digitalocean.com, docs.github.com, docs.x.ai, duckduckgo.com, elevenlabs.io, en.wikipedia.org, exa.ai, example.com, export.arxiv.org, geminicli.com, generativelanguage.googleapis.com, github.com, google.serper.dev, huggingface.co, news.ycombinator.com, openai.com, openrouter.ai, platform.openai.com

Source & flagged code

15 flagged · loading source
src/cli/reset-password.mjsView file
70patternName = generic_password severity = medium line = 70 matchedText = console....)`);
Medium
Secret Pattern

Package contains a possible secret pattern.

src/cli/reset-password.mjsView on unpkg · L70
73patternName = generic_password severity = medium line = 73 matchedText = console....n`);
Medium
Secret Pattern

Hardcoded password in src/cli/reset-password.mjs

src/cli/reset-password.mjsView on unpkg · L73
frontend/src/api.tsView file
1181headers: { 'Content-Type': 'application/json' }, L1182: body: JSON.stringify({ code: 'const { execSync } = require("child_process"); console.log(JSON.stringify({ output: execSync("npx total-recall lint --okf 2>&1 || true", { encoding: "... L1183: })
High
Child Process

Package source references child process execution.

frontend/src/api.tsView on unpkg · L1181
1181headers: { 'Content-Type': 'application/json' }, L1182: body: JSON.stringify({ code: 'const { execSync } = require("child_process"); console.log(JSON.stringify({ output: execSync("npx total-recall lint --okf 2>&1 || true", { encoding: "... L1183: })
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

frontend/src/api.tsView on unpkg · L1181
src/server/index.mjsView file
146const util = await import('node:util'); L147: const execAsync = util.promisify(exec); L148: try {
High
Shell

Package source references shell execution.

src/server/index.mjsView on unpkg · L146
bin/total-recall.mjsView file
141if (command === '--version' || command === '-v') { L142: const pkg = await import(path.join(__dirname, '..', 'package.json'), { with: { type: 'json' } }); L143: console.log(`total-recall v${pkg.default.version}`);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/total-recall.mjsView on unpkg · L141
src/core/quick-capture.mjsView file
15// Support test overrides: if _TR_TEST_AGENT_DIR is set, derive brainDir from it L16: const testDir = process.env._TR_TEST_AGENT_DIR; L17: if (testDir && testDir !== agentDir) { ... L139: .map(f => { L140: try { return JSON.parse(fs.readFileSync(path.join(dir, f), 'utf8')); } L141: catch { return null; }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

src/core/quick-capture.mjsView on unpkg · L15
src/cli/uninstall.mjsView file
521package = total-recall-brain; repositoryIdentity = total-recall; dependency = yaml L521: try { L522: const { default: yaml } = await import('yaml'); L523: const securityObj = yaml.parse(fs.readFileSync(securityPath, 'utf8')) || {};
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

src/cli/uninstall.mjsView on unpkg · L521
30import path from 'node:path'; L31: import { spawnSync, execFileSync } from 'node:child_process'; L32: import backup from './backup.mjs'; ... L92: L93: const HOME = os.homedir(); L94: console.error(` ... L121: if (remoteCheck.status === 0) { L122: detectedRemote = remoteCheck.stdout.toString().trim(); L123: } else { ... L203: log(`Unloading ${plist}...`); L204: runCommand('launchctl', ['unload', '-w', plistPath]); L205: try {
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

src/cli/uninstall.mjsView on unpkg · L30
src/cli/setup.mjsView file
16import readline from 'node:readline'; L17: import { execSync, spawnSync } from 'node:child_process'; L18: import fs from 'node:fs'; ... L20: import path from 'node:path'; L21: import https from 'node:https'; L22: import { fileURLToPath } from 'node:url'; ... L24: L25: const __dirname = path.dirname(fileURLToPath(import.meta.url)); L26: ... L48: function prompt(question) { L49: const rl = readline.createInterface({ input: process.stdin, output: process.stdout }); L50: return new Promise(resolve => {
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

src/cli/setup.mjsView on unpkg · L16
16import readline from 'node:readline'; L17: import { execSync, spawnSync } from 'node:child_process'; L18: import fs from 'node:fs'; ... L20: import path from 'node:path'; L21: import https from 'node:https'; L22: import { fileURLToPath } from 'node:url'; ... L24: L25: const __dirname = path.dirname(fileURLToPath(import.meta.url)); L26: ... L48: function prompt(question) { L49: const rl = readline.createInterface({ input: process.stdin, output: process.stdout }); L50: return new Promise(resolve => {
Critical
Command Output Exfiltration

Source executes local commands and sends command output to an external endpoint.

src/cli/setup.mjsView on unpkg · L16
bin/antigravity.mjsView file
9let outputJson = false; L10: let requestedModel = process.env.TR_CLI_MODEL || 'default'; L11: ... L54: try { L55: let dir = process.cwd(); L56: while (dir !== path.dirname(dir)) { ... L86: try { L87: const url = `https://generativelanguage.googleapis.com/v1beta/models/${resolvedModel}:generateContent?key=${apiKey}`; L88: ... L91: headers: { 'Content-Type': 'application/json' }, L92: body: JSON.stringify({ L93: contents: [{ parts: [{ text: prompt }] }]
High
Host Fingerprint Exfiltration

Source collects local host identity data and sends it to an external endpoint.

bin/antigravity.mjsView on unpkg · L9
src/cli/start.mjsView file
11Cross-file remote execution chain: src/cli/start.mjs spawns src/server/index.mjs; helper contains network access plus dynamic code execution. L11: L12: import { spawnSync } from 'node:child_process'; L13: import path from 'node:path'; ... L16: L17: const __dirname = path.dirname(fileURLToPath(import.meta.url)); L18: const SERVER = path.join(__dirname, '..', 'server', 'index.mjs'); ... L52: env: { L53: ...process.env, L54: PORT: port,
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

src/cli/start.mjsView on unpkg · L11
src/cli/deploy.mjsView file
36Detached bundled service listener: src/cli/deploy.mjs spawns src/server/index.mjs; helper exposes a broad-bound HTTP listener. L36: L37: import { execSync, execFileSync, spawnSync, spawn } from 'node:child_process'; L38: import fs from 'node:fs'; ... L47: L48: const __dirname = path.dirname(fileURLToPath(import.meta.url)); L49: ... L73: L74: const activePaths = process.env.PATH ? process.env.PATH.split(path.delimiter) : []; L75: const uniquePaths = Array.from(new Set([...activePaths, ...commonPaths])).filter(p => fs.existsSync(p)); ... L111: if (result.status !== 0 && !opts.ignoreErrors) { L112: const stderr = result.stderr?.toString().trim() || ''; L113: throw new Error(`Command failed (exit ${result.status}): ${cmd}\n${stderr}`);
High
Spawned Bundled Service Listener

Source launches a detached bundled service that exposes a broad-bound HTTP listener.

src/cli/deploy.mjsView on unpkg · L36
bin/oci-sniper.shView file
path = bin/oci-sniper.sh kind = build_helper sizeBytes = 2930 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bin/oci-sniper.shView on unpkg

Findings

2 Critical7 High9 Medium5 Low
CriticalCredential Exfiltrationsrc/cli/setup.mjs
CriticalCommand Output Exfiltrationsrc/cli/setup.mjs
HighChild Processfrontend/src/api.ts
HighShellsrc/server/index.mjs
HighHost Fingerprint Exfiltrationbin/antigravity.mjs
HighCopied Package Dependency Bridgesrc/cli/uninstall.mjs
HighCross File Remote Execution Contextsrc/cli/start.mjs
HighSpawned Bundled Service Listenersrc/cli/deploy.mjs
HighRuntime Package Installfrontend/src/api.ts
MediumSecret Patternsrc/cli/reset-password.mjs
MediumDynamic Requirebin/total-recall.mjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencesrc/cli/uninstall.mjs
MediumShips Build Helperbin/oci-sniper.sh
MediumStructural Risk Force Deep Review
MediumGit Dependency
MediumSecret Patternsrc/cli/reset-password.mjs
LowScripts Present
LowWeak Cryptosrc/core/quick-capture.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings