
volute@0.44.0

⚠ Under review

CLI for creating and managing self-modifying AI minds powered by the Claude Agent SDK

Static Scan Results

scanned 7h ago · by rust-scanner

Static analysis flagged 19 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version introduced dangerous source.

Decision evidence

public snapshot
Behavioral surface
Source: Child Process, Crypto, Dynamic Require, Environment Vars, Filesystem, Network, Shell, WebSocket
Supply chain: High Entropy Strings, Minified, Obfuscated, Url Strings
Manifest: No manifest risk signals triggered.
scanned 183 file(s), 2.00 MB of source, external domains: 127.0.0.1, api.anthropic.com, api.telegram.org, discord.com, github.com, openrouter.ai, registry.npmjs.org, slack.com, svelte.dev, volute.systems, www.apple.com, www.w3.org

Source & flagged code

10 flagged
dist/chunk-2BONPXAF.js
L6: // packages/daemon/src/lib/update-check.ts
L7: import { execFile as execFileCb, execFileSync } from "child_process";
L8: import { existsSync, readFileSync, realpathSync, writeFileSync } from "fs";
High
Child Process

Package source references child process execution.

dist/chunk-2BONPXAF.js · L6
dist/status-E5DQNCAO.js
L97: });
L98: var run = cmd.execute;
L99: async function getServiceInfo() {
High
Shell

Package source references shell execution.

dist/status-E5DQNCAO.js · L97
dist/chunk-OMETFX5H.js
matchType = previous_version_dangerous_delta
matchedPackage = volute@0.40.2
matchedIdentity = npm:dm9sdXRl:0.40.2
similarity = 0.725
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/chunk-OMETFX5H.js
L933: try {
L934: const { getSleepManagerIfReady: getSleepManagerIfReady2 } = await import("./sleep-manager-HINI6Y46.js");
L935: const sleepMgr = getSleepManagerIfReady2();
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/chunk-OMETFX5H.js · L933
dist/setup-5GCO3CUB.js
L29: // src/commands/setup.ts
L30: import { execFileSync, spawn } from "child_process";
L31: import { mkdirSync, writeFileSync } from "fs";
...
L96: if (host) args.push("--host", host);
L97: const home = homedir();
L98: const binUnderHome = voluteBin.startsWith(`${home}/`);
...
L114: "ReadWritePaths=/var/lib/volute /minds",
L115: "PrivateTmp=yes"
L116: ];
...
L123: var DATA_DIR = "/var/lib/volute";
L124: var MINDS_DIR = process.platform === "darwin" ? "/var/lib/volute/minds" : "/minds";
L125: var PROFILE_PATH = "/etc/profile.d/volute.sh";
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/setup-5GCO3CUB.js · L29
dist/daemon.js
L477: );
L478: const daemonToken = process.env.VOLUTE_DAEMON_TOKEN;
L479: if (!daemonToken) {
...
L486: ...process.env,
L487: VOLUTE_DAEMON_URL: `http://${daemonLoopback()}:${daemonPort}`,
L488: VOLUTE_DAEMON_TOKEN: daemonToken,
...
L492: };
L493: const child = spawn(process.execPath, [builtinBridge], spawnOpts);
L494: let lastStderr = "";
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/daemon.js · L477
L486: ...process.env,
L487: VOLUTE_DAEMON_URL: `http://${daemonLoopback()}:${daemonPort}`,
L488: VOLUTE_DAEMON_TOKEN: daemonToken,
...
L492: };
L493: const child = spawn(process.execPath, [builtinBridge], spawnOpts);
L494: let lastStderr = "";
L495: child.stdout?.pipe(logStream);
L496: child.stderr?.on("data", (chunk) => {
L497: logStream.write(chunk);
L498: lastStderr = chunk.toString().trim();
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/daemon.js · L486
L7113: const [cmd, args] = await wrapForIsolation("npm", ["install"], mindName);
L7114: await exec(cmd, args, {
L7115: cwd: variantDir,
...
L7122: const msg = e instanceof Error ? e.message : String(e);
L7123: return c.json({ error: `npm install failed: ${msg}` }, 500);
L7124: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/daemon.js · L7113
dist/skills/dreaming/scripts/wake-context-dreams.sh
path = [redacted]-context-dreams.sh
kind = build_helper
sizeBytes = 1180
magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/skills/dreaming/scripts/wake-context-dreams.sh
templates/_base/.init/.local/hooks/wake-context.sh
path = templates/_base/.init/.local/hooks/wake-context.sh
kind = payload_in_excluded_dir
sizeBytes = 421
magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

templates/_base/.init/.local/hooks/wake-context.sh

Findings

1 Critical · 6 High · 6 Medium · 6 Low
Critical · Previous Version Dangerous Delta · dist/chunk-OMETFX5H.js
High · Child Process · dist/chunk-2BONPXAF.js
High · Shell · dist/status-E5DQNCAO.js
High · Same File Env Network Execution · dist/daemon.js
High · Command Output Exfiltration · dist/daemon.js
High · Runtime Package Install · dist/daemon.js
High · Payload In Excluded Dir · templates/_base/.init/.local/hooks/wake-context.sh
Medium · Dynamic Require · dist/chunk-OMETFX5H.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · dist/setup-5GCO3CUB.js
Medium · Ships Build Helper · dist/skills/dreaming/scripts/wake-context-dreams.sh
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Url Strings