registry  /  wendkeep  /  0.8.0

wendkeep@0.8.0

Automatically capture AI coding agent sessions (Claude Code, Codex) as local Markdown in your Obsidian vault — turn-by-turn history, cost/token tracking, auto-extracted decisions/bugs/learnings, rendered in the graph. Local-first.

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 8 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 35 file(s), 290 KB of source, external domains: github.com, raw.githubusercontent.com

Source & flagged code

2 flagged · loading source
hooks/spec-core.mjsView file
1// hooks/spec-core.mjs — living spec (07-Specs) + change delta merge (OpenSpec native). L2: // Pure parsing/merge + promoteSpecs (fs). No import from change-core (avoids a cycle).
Low
Weak Crypto

Package source references weak cryptographic algorithms.

hooks/spec-core.mjsView on unpkg · L1
hooks/linked-notes.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = wendkeep@0.7.0 matchedIdentity = npm:d2VuZGtlZXA:0.7.0 similarity = 0.471 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

hooks/linked-notes.mjsView on unpkg

Findings

1 High2 Medium5 Low
HighPrevious Version Dangerous Deltahooks/linked-notes.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowWeak Cryptohooks/spec-core.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings