registry  /  zelari-code  /  1.7.0

zelari-code@1.7.0

Zelari Code — AI Council coding agent CLI. Multi-agent orchestration (Caronte, Nettuno, Gerione, Plutone, Minosse, Lucifero) with slash commands, provider-agnostic LLM streaming, and self-update.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 21 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 122 file(s), 2.16 MB of source, external domains: api.deepseek.com, api.minimax.io, api.tavily.com, api.x.ai, api.z.ai, auth.x.ai, docs.npmjs.com, git-scm.com, github.com, html.duckduckgo.com, json-schema.org, nodejs.org, registry.npmjs.org

Source & flagged code

12 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/cli/updater.jsView file
18import { createRequire } from 'node:module'; L19: import { spawn } from 'node:child_process'; L20: import { existsSync } from 'node:fs';
High
Child Process

Package source references child process execution.

dist/cli/updater.jsView on unpkg · L18
216: process.platform === 'win32' L217: ? executor(buildCmdLine('npm', args), { stdio, shell: true }) L218: : executor('npm', args, { stdio });
High
Shell

Package source references shell execution.

dist/cli/updater.jsView on unpkg · L216
bin/zelari-code.jsView file
21L22: const require = createRequire(import.meta.url); L23: const __dirname = path.dirname(fileURLToPath(import.meta.url));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/zelari-code.jsView on unpkg · L21
dist/cli/main.bundled.jsView file
51}, L52: body: new URLSearchParams({ L53: client_id: options.clientId, ... L63: if (!response.ok) { L64: const errText = await response.text().catch(() => ""); L65: throw new GrokOAuthError( ... L221: async function runGrokOAuthFlow(options = {}) { L222: const clientId = options.clientId || process.env.GROK_OAUTH_CLIENT_ID || DEFAULT_GROK_OAUTH_CLIENT_ID; L223: if (!clientId || clientId.trim().length === 0) { ... L310: async function openBrowser(url2) { L311: const { spawn: spawn9 } = await import("node:child_process"); L312: const cmd = (() => {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/cli/main.bundled.jsView on unpkg · L51
310async function openBrowser(url2) { L311: const { spawn: spawn9 } = await import("node:child_process"); L312: const cmd = (() => { ... L437: try { L438: const raw = readFileSync(file2, "utf-8"); L439: const parsed = JSON.parse(raw); ... L560: { id: "openai-compatible", displayName: "OpenAI-compatible", envVar: "OPENAI_API_KEY" }, L561: { id: "minimax", displayName: "MiniMax", envVar: "MINIMAX_API_KEY", baseUrl: "https://api.minimax.io/v1" }, L562: { id: "glm", displayName: "GLM / Z.AI", envVar: "GLM_API_KEY", baseUrl: "https://api.z.ai/api/coding/paas/v4" }, ... L944: systemPromptFragment: `You research using the retrieval system and the web. L945: - Use the retrieval tool listed in your AVAILABLE TOOLS (searchDocuments or searchRAG) to find prior knowledge before answering. L946: - For external facts (library docs, APIs, best practices), use web_search, then fetch_url on the best result.
High
Remote Agent Bridge

Source exposes local file and command tools to a remote model endpoint.

dist/cli/main.bundled.jsView on unpkg · L310
35444if (haystack.includes("eresolve") || haystack.includes("epeerinvalid") || haystack.includes("peer dep")) { L35445: return "\u{1F4A1} hint: peer-dependency conflict. Try:\n npm install -g zelari-code@latest --legacy-peer-deps\n or: npm install -g zelari-code@latest --force"; L35446: } ... L35453: if (haystack.includes("enoent") && haystack.includes("npm")) { L35454: return '\u{1F4A1} hint: `npm` was not found on PATH for the spawned shell.\n Re-open the terminal so it picks up your current PATH, or set:\n export PATH="$(npm prefix -g... L35455: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli/main.bundled.jsView on unpkg · L35444
51}, L52: body: new URLSearchParams({ L53: client_id: options.clientId, ... L63: if (!response.ok) { L64: const errText = await response.text().catch(() => ""); L65: throw new GrokOAuthError( ... L221: async function runGrokOAuthFlow(options = {}) { L222: const clientId = options.clientId || process.env.GROK_OAUTH_CLIENT_ID || DEFAULT_GROK_OAUTH_CLIENT_ID; L223: if (!clientId || clientId.trim().length === 0) { ... L310: async function openBrowser(url2) { L311: const { spawn: spawn9 } = await import("node:child_process"); L312: const cmd = (() => {
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/cli/main.bundled.jsView on unpkg · L51
51}, L52: body: new URLSearchParams({ L53: client_id: options.clientId, ... L63: if (!response.ok) { L64: const errText = await response.text().catch(() => ""); L65: throw new GrokOAuthError( ... L221: async function runGrokOAuthFlow(options = {}) { L222: const clientId = options.clientId || process.env.GROK_OAUTH_CLIENT_ID || DEFAULT_GROK_OAUTH_CLIENT_ID; L223: if (!clientId || clientId.trim().length === 0) { ... L310: async function openBrowser(url2) { L311: const { spawn: spawn9 } = await import("node:child_process"); L312: const cmd = (() => {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/cli/main.bundled.jsView on unpkg · L51
dist/cli/utils/doctor.jsView file
19Cross-file remote execution chain: dist/cli/utils/doctor.js spawns dist/cli/main.bundled.js; helper contains network access plus dynamic code execution. L19: * Output is human-readable, with one line per check + a trailing L20: * summary. Non-zero exit code if any critical check fails so this L21: * can be used in CI / install scripts. ... L29: */ L30: import { execSync } from "node:child_process"; L31: import { existsSync, readFileSync, readlinkSync, statSync } from "node:fs"; ... L36: const require = createRequire(import.meta.url); L37: const __dirname = path.dirname(fileURLToPath(import.meta.url)); L38: // src/cli/utils/doctor.ts → <pkg>/src/cli/utils/doctor.ts ... L40: // In both cases we want the package root: that's `../../` from src/cli/utils, and `../../../` from dist/cli/utils/... L41: // Simplest: walk up until we find package.json with our name. L42: const packageRoot = findPackageRoot(__dirname);
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/cli/utils/doctor.jsView on unpkg · L19
scripts/path-length.ps1View file
path = scripts/path-length.ps1 kind = build_helper sizeBytes = 731 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/path-length.ps1View on unpkg

Findings

7 High7 Medium7 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/cli/updater.js
HighShelldist/cli/updater.js
HighSandbox Evasion Gated Capabilitydist/cli/main.bundled.js
HighRemote Agent Bridgedist/cli/main.bundled.js
HighCross File Remote Execution Contextdist/cli/utils/doctor.js
HighRuntime Package Installdist/cli/main.bundled.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirebin/zelari-code.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/cli/main.bundled.js
MediumShips Build Helperscripts/path-length.ps1
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/cli/main.bundled.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License