Package Under Review

This package is under review. Identity is withheld until findings are confirmed. This is an automated assessment and findings are risk indicators, not confirmed threats.

3 threats detected

Downloads: <1K

pkg-d29hcnU...

npmwarnings detected

Security Scan Results

Warnings detected due to potential concerns

warning

CVEs

Threats

Install Scripts

Confirmed Threats (3)

Code Injection

confidence: 70%confirmed

Location: dist/init/TemplateEngine.js:217

const safeEval = new Function('return ' + evaluableCondition);

Insecure Deserialization

confidence: 50%confirmed

Location: dist/ai/PromptManager.js:128

const promptTemplate = yaml.load(content);

Insecure Deserialization

confidence: 50%confirmed

Location: dist/supervisor/ToolRecommendationEngine.js:30

const definitions = yaml.load(content);

brin Recommendations

→This package has warnings detected. Evaluate the specific concerns before proceeding.
→3 verified threat patterns detected. Review the specific findings and consider alternatives.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

Identity withheld

Pending verification process

Download Range

<1K

Last Scanned

2 days ago

Trust Score

65/100·Legitimacy signals, not safety

Capabilities

Network

Connects to: api.anthropic.com, api.github.com, api.npmjs.org...

Filesystem

Reads & Writes files

Process

Spawns child processes

Environment

Accesses: HOME, NODE_ENV, SENTRY_DSN...