← Home

@cleocode/core

npm Repository Homepage

CLEO core business logic kernel — tasks, sessions, memory, orchestration, lifecycle, with bundled SQLite store

100
Versions
MIT
License
Yes
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

kryptobaseddev

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
install-scripts install-script:postinstall AI (install-scripts): Named script file shipped in package files; consistent with prebuilt binary fetch for a native supervisor component. ai
phantom-deps phantom-dep:@cleocode/agents AI (phantom-deps): Same-org scoped package in a monorepo; phantom dep pattern is consistent with the other accepted @cleocode phantom deps in this package. ai
semgrep semgrep:shady-links-raw-ip AI (semgrep): Fires on 127.0.0.1 in a unit test for HTTP gate validation — localhost address in test code, not a real network exfiltration endpoint. ai
phantom-deps phantom-dep:tree-sitter-c AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports — phantom-dep detection is a known false positive for this pattern. ai
phantom-deps phantom-dep:tree-sitter-cpp AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports. ai
phantom-deps phantom-dep:tree-sitter-go AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports. ai
phantom-deps phantom-dep:tree-sitter-java AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports. ai
phantom-deps phantom-dep:tree-sitter-javascript AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports. ai
semgrep semgrep:hex-decode AI (semgrep): Fires on test files using hardcoded zero-byte test vectors — standard unit test pattern for crypto KDF testing, not a malicious payload. ai
phantom-deps phantom-dep:pino-roll AI (phantom-deps): pino-roll is a pino transport loaded by name in config rather than via direct import — standard pino transport pattern. ai
phantom-deps phantom-dep:@cleocode/skills AI (phantom-deps): Same-org package likely loaded dynamically or referenced indirectly; phantom-dep false positive for intra-monorepo dependencies. ai
phantom-deps phantom-dep:@cleocode/adapters AI (phantom-deps): Same-org package likely loaded dynamically or referenced indirectly; phantom-dep false positive for intra-monorepo dependencies. ai
phantom-deps phantom-dep:tree-sitter-python AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports. ai
phantom-deps phantom-dep:tree-sitter-ruby AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports. ai
phantom-deps phantom-dep:tree-sitter-rust AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports. ai
phantom-deps phantom-dep:tree-sitter-typescript AI (phantom-deps): Tree-sitter language grammars are loaded dynamically via config, not direct imports. ai
typosquat typosquat.levenshtein:cors AI (typosquat): @cleocode/core is a scoped package in the @cleocode org ecosystem, not a typosquat of 'cors'. The name reflects its role as the core library; no impersonation intent. ai
semgrep semgrep:env-spread AI (semgrep): env-spread occurs in test files passing process.env to child git processes with specific overrides — standard test pattern, not credential exfiltration. ai
semgrep semgrep:base64-decode AI (semgrep): Base64 decode is used in a standard AES-GCM decryption function in credentials.ts — legitimate cryptographic code, not obfuscated payload. ai

Versions (showing 100 of 108)

Version Deps Published
2026.6.8 46 / 5
2026.4.74 35 / 3
2026.4.73 35 / 3
2026.4.72 35 / 3
2026.4.70 35 / 3
2026.4.69 35 / 3
2026.4.68 35 / 3
2026.4.67 35 / 3
2026.4.66 35 / 3
2026.4.65 35 / 3
2026.4.64 35 / 3
2026.4.63 35 / 3
2026.4.62 32 / 3
2026.4.60 32 / 3
2026.4.59 32 / 3
2026.4.58 32 / 3
2026.4.57 32 / 3
2026.4.56 32 / 3
2026.4.55 32 / 3
2026.4.54 32 / 3
2026.4.53 32 / 3
2026.4.52 32 / 3
2026.4.51 32 / 3
2026.4.50 32 / 3
2026.4.49 32 / 3
2026.4.48 32 / 3
2026.4.47 32 / 3
2026.4.46 32 / 3
2026.4.45 32 / 3
2026.4.44 32 / 3
2026.4.43 32 / 3
2026.4.42 32 / 3
2026.4.41 32 / 3
2026.4.40 32 / 3
2026.4.39 32 / 3
2026.4.38 32 / 3
2026.4.37 32 / 3
2026.4.36 32 / 3
2026.4.35 31 / 3
2026.4.31 31 / 3
2026.4.30 19 / 3
2026.4.29 19 / 3
2026.4.28 19 / 3
2026.4.27 19 / 3
2026.4.26 19 / 3
2026.4.25 19 / 3
2026.4.24 19 / 3
2026.4.23 19 / 3
2026.4.22 19 / 3
2026.4.21 19 / 3
2026.4.20 19 / 3
2026.4.19 19 / 3
2026.4.18 19 / 3
2026.4.17 19 / 3
2026.4.16 19 / 3
2026.4.15 19 / 3
2026.4.14 19 / 3
2026.4.13 19 / 3
2026.4.12 18 / 2
2026.4.11 18 / 2
2026.4.9 18 / 2
2026.4.7 18 / 2
2026.4.6 18 / 2
2026.4.5 18 / 2
2026.4.4 18 / 2
2026.4.3 18 / 2
2026.4.2 18 / 2
2026.4.0 28 / 2
2026.3.76 18 / 2
2026.3.74 18 / 2
2026.3.73 18 / 2
2026.3.72 18 / 2
2026.3.71 18 / 2
2026.3.70 18 / 2
2026.3.69 17 / 2
2026.3.68 17 / 2
2026.3.67 17 / 2
2026.3.66 17 / 2
2026.3.65 17 / 2
2026.3.64 17 / 2
2026.3.63 17 / 2
2026.3.62 17 / 2
2026.3.61 17 / 2
2026.3.60 17 / 2
2026.3.59 17 / 2
2026.3.58 17 / 2
2026.3.57 17 / 2
2026.3.56 17 / 2
2026.3.55 17 / 2
2026.3.54 17 / 2
2026.3.53 17 / 2
2026.3.52 17 / 2
2026.3.51 17 / 2
2026.3.50 17 / 2
2026.3.49 17 / 2
2026.3.48 17 / 2
2026.3.47 17 / 2
2026.3.46 17 / 2
2026.3.45 14 / 2
2026.3.44 14 / 2
Showing 100 of 108 Next page →

v2026.6.8

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: node scripts/install-supervisor-binary.mjs

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.74

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.73

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.72

14 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths — skill-paths module', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:81 semgrep

Spreading entire process.env into an object — may capture all secrets 79 | 80 | describe('shouldCheckpoint', () => { > 81 | const originalEnv = { ...process.env }; 82 | 83 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

HIGH env-spread: src/tasks/gate-runner.ts:165 semgrep

Spreading entire process.env into an object — may capture all secrets 163 | const out = await execFileAsync(bin!, args, { 164 | cwd, > 165 | env: { ...process.env, ...gate.env }, 166 | timeout: timeoutMs, 167 | });

HIGH env-spread: src/tasks/gate-runner.ts:419 semgrep

Spreading entire process.env into an object — may capture all secrets 417 | const out = await execFileAsync(gate.cmd, gate.args ?? [], { 418 | cwd, > 419 | env: { ...process.env, ...gate.env }, 420 | timeout: timeoutMs, 421 | });

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.70

14 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths — skill-paths module', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:81 semgrep

Spreading entire process.env into an object — may capture all secrets 79 | 80 | describe('shouldCheckpoint', () => { > 81 | const originalEnv = { ...process.env }; 82 | 83 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

HIGH env-spread: src/tasks/gate-runner.ts:164 semgrep

Spreading entire process.env into an object — may capture all secrets 162 | const out = await execFileAsync(bin!, args, { 163 | cwd, > 164 | env: { ...process.env, ...gate.env }, 165 | timeout: timeoutMs, 166 | });

HIGH env-spread: src/tasks/gate-runner.ts:363 semgrep

Spreading entire process.env into an object — may capture all secrets 361 | const out = await execFileAsync(gate.cmd, gate.args ?? [], { 362 | cwd, > 363 | env: { ...process.env, ...gate.env }, 364 | timeout: timeoutMs, 365 | });

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.69

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths — skill-paths module', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:81 semgrep

Spreading entire process.env into an object — may capture all secrets 79 | 80 | describe('shouldCheckpoint', () => { > 81 | const originalEnv = { ...process.env }; 82 | 83 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.68

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths — skill-paths module', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:81 semgrep

Spreading entire process.env into an object — may capture all secrets 79 | 80 | describe('shouldCheckpoint', () => { > 81 | const originalEnv = { ...process.env }; 82 | 83 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.67

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths — skill-paths module', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:81 semgrep

Spreading entire process.env into an object — may capture all secrets 79 | 80 | describe('shouldCheckpoint', () => { > 81 | const originalEnv = { ...process.env }; 82 | 83 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.66

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths — skill-paths module', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:81 semgrep

Spreading entire process.env into an object — may capture all secrets 79 | 80 | describe('shouldCheckpoint', () => { > 81 | const originalEnv = { ...process.env }; 82 | 83 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.65

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths — skill-paths module', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:81 semgrep

Spreading entire process.env into an object — may capture all secrets 79 | 80 | describe('shouldCheckpoint', () => { > 81 | const originalEnv = { ...process.env }; 82 | 83 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.64

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths — skill-paths module', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:81 semgrep

Spreading entire process.env into an object — may capture all secrets 79 | 80 | describe('shouldCheckpoint', () => { > 81 | const originalEnv = { ...process.env }; 82 | 83 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.63

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths — skill-paths module', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:81 semgrep

Spreading entire process.env into an object — may capture all secrets 79 | 80 | describe('shouldCheckpoint', () => { > 81 | const originalEnv = { ...process.env }; 82 | 83 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.62

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths — skill-paths module', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:81 semgrep

Spreading entire process.env into an object — may capture all secrets 79 | 80 | describe('shouldCheckpoint', () => { > 81 | const originalEnv = { ...process.env }; 82 | 83 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.60

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:81 semgrep

Spreading entire process.env into an object — may capture all secrets 79 | 80 | describe('shouldCheckpoint', () => { > 81 | const originalEnv = { ...process.env }; 82 | 83 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.59

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:81 semgrep

Spreading entire process.env into an object — may capture all secrets 79 | 80 | describe('shouldCheckpoint', () => { > 81 | const originalEnv = { ...process.env }; 82 | 83 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.4.58

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:81 semgrep

Spreading entire process.env into an object — may capture all secrets 79 | 80 | describe('shouldCheckpoint', () => { > 81 | const originalEnv = { ...process.env }; 82 | 83 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.57

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:81 semgrep

Spreading entire process.env into an object — may capture all secrets 79 | 80 | describe('shouldCheckpoint', () => { > 81 | const originalEnv = { ...process.env }; 82 | 83 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.56

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:77 semgrep

Spreading entire process.env into an object — may capture all secrets 75 | 76 | describe('shouldCheckpoint', () => { > 77 | const originalEnv = { ...process.env }; 78 | 79 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.55

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:77 semgrep

Spreading entire process.env into an object — may capture all secrets 75 | 76 | describe('shouldCheckpoint', () => { > 77 | const originalEnv = { ...process.env }; 78 | 79 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.54

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:77 semgrep

Spreading entire process.env into an object — may capture all secrets 75 | 76 | describe('shouldCheckpoint', () => { > 77 | const originalEnv = { ...process.env }; 78 | 79 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.53

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:739 semgrep

Spreading entire process.env into an object — may capture all secrets 737 | } 738 | > 739 | const gitEnv: NodeJS.ProcessEnv = { 740 | ...process.env, 741 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:77 semgrep

Spreading entire process.env into an object — may capture all secrets 75 | 76 | describe('shouldCheckpoint', () => { > 77 | const originalEnv = { ...process.env }; 78 | 79 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.52

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:77 semgrep

Spreading entire process.env into an object — may capture all secrets 75 | 76 | describe('shouldCheckpoint', () => { > 77 | const originalEnv = { ...process.env }; 78 | 79 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.51

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:77 semgrep

Spreading entire process.env into an object — may capture all secrets 75 | 76 | describe('shouldCheckpoint', () => { > 77 | const originalEnv = { ...process.env }; 78 | 79 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.50

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:77 semgrep

Spreading entire process.env into an object — may capture all secrets 75 | 76 | describe('shouldCheckpoint', () => { > 77 | const originalEnv = { ...process.env }; 78 | 79 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.49

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:77 semgrep

Spreading entire process.env into an object — may capture all secrets 75 | 76 | describe('shouldCheckpoint', () => { > 77 | const originalEnv = { ...process.env }; 78 | 79 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.48

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:77 semgrep

Spreading entire process.env into an object — may capture all secrets 75 | 76 | describe('shouldCheckpoint', () => { > 77 | const originalEnv = { ...process.env }; 78 | 79 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.47

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:77 semgrep

Spreading entire process.env into an object — may capture all secrets 75 | 76 | describe('shouldCheckpoint', () => { > 77 | const originalEnv = { ...process.env }; 78 | 79 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.46

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:77 semgrep

Spreading entire process.env into an object — may capture all secrets 75 | 76 | describe('shouldCheckpoint', () => { > 77 | const originalEnv = { ...process.env }; 78 | 79 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.45

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:77 semgrep

Spreading entire process.env into an object — may capture all secrets 75 | 76 | describe('shouldCheckpoint', () => { > 77 | const originalEnv = { ...process.env }; 78 | 79 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.44

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:77 semgrep

Spreading entire process.env into an object — may capture all secrets 75 | 76 | describe('shouldCheckpoint', () => { > 77 | const originalEnv = { ...process.env }; 78 | 79 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.43

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:77 semgrep

Spreading entire process.env into an object — may capture all secrets 75 | 76 | describe('shouldCheckpoint', () => { > 77 | const originalEnv = { ...process.env }; 78 | 79 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.42

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.4.41

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.4.40

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.4.39

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.4.38

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.4.37

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.4.36

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.4.35

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.4.31

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.30

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.29

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.28

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.27

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.26

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.25

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.24

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.23

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.22

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.21

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.20

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.19

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.18

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.17

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.16

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.15

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.14

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.13

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.4.12

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.4.11

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:738 semgrep

Spreading entire process.env into an object — may capture all secrets 736 | } 737 | > 738 | const gitEnv: NodeJS.ProcessEnv = { 739 | ...process.env, 740 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.4.9

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:719 semgrep

Spreading entire process.env into an object — may capture all secrets 717 | } 718 | > 719 | const gitEnv: NodeJS.ProcessEnv = { 720 | ...process.env, 721 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.7

12 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:719 semgrep

Spreading entire process.env into an object — may capture all secrets 717 | } 718 | > 719 | const gitEnv: NodeJS.ProcessEnv = { 720 | ...process.env, 721 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.6

20 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.js:26 semgrep

Spreading entire process.env into an object — may capture all secrets 24 | execFileSync('git', ['init'], { 25 | cwd: cleoDir, > 26 | env: { 27 | ...process.env, 28 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 34 | cwd: cleoDir, > 35 | env: { 36 | ...process.env, 37 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:43 semgrep

Spreading entire process.env into an object — may capture all secrets 41 | execFileSync('git', ['config', 'user.name', 'Test'], { 42 | cwd: cleoDir, > 43 | env: { 44 | ...process.env, 45 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:53 semgrep

Spreading entire process.env into an object — may capture all secrets 51 | execFileSync('git', ['add', 'config.json'], { 52 | cwd: cleoDir, > 53 | env: { 54 | ...process.env, 55 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:61 semgrep

Spreading entire process.env into an object — may capture all secrets 59 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 60 | cwd: cleoDir, > 61 | env: { 62 | ...process.env, 63 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:127 semgrep

Spreading entire process.env into an object — may capture all secrets 125 | // Modify a file and commit 126 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 127 | const gitEnv = { 128 | ...process.env, 129 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:719 semgrep

Spreading entire process.env into an object — may capture all secrets 717 | } 718 | > 719 | const gitEnv: NodeJS.ProcessEnv = { 720 | ...process.env, 721 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.js:21 semgrep

Spreading entire process.env into an object — may capture all secrets 19 | import { getSkillSearchPaths } from '../skill-paths.js'; 20 | describe('getSkillSearchPaths', () => { > 21 | const originalEnv = { ...process.env }; 22 | beforeEach(() => { 23 | vi.clearAllMocks();

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.js:54 semgrep

Spreading entire process.env into an object — may capture all secrets 52 | }); 53 | describe('shouldCheckpoint', () => { > 54 | const originalEnv = { ...process.env }; 55 | beforeEach(() => { 56 | vi.clearAllMocks();

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.5

20 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.js:26 semgrep

Spreading entire process.env into an object — may capture all secrets 24 | execFileSync('git', ['init'], { 25 | cwd: cleoDir, > 26 | env: { 27 | ...process.env, 28 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 34 | cwd: cleoDir, > 35 | env: { 36 | ...process.env, 37 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:43 semgrep

Spreading entire process.env into an object — may capture all secrets 41 | execFileSync('git', ['config', 'user.name', 'Test'], { 42 | cwd: cleoDir, > 43 | env: { 44 | ...process.env, 45 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:53 semgrep

Spreading entire process.env into an object — may capture all secrets 51 | execFileSync('git', ['add', 'config.json'], { 52 | cwd: cleoDir, > 53 | env: { 54 | ...process.env, 55 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:61 semgrep

Spreading entire process.env into an object — may capture all secrets 59 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 60 | cwd: cleoDir, > 61 | env: { 62 | ...process.env, 63 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:127 semgrep

Spreading entire process.env into an object — may capture all secrets 125 | // Modify a file and commit 126 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 127 | const gitEnv = { 128 | ...process.env, 129 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:709 semgrep

Spreading entire process.env into an object — may capture all secrets 707 | } 708 | > 709 | const gitEnv: NodeJS.ProcessEnv = { 710 | ...process.env, 711 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.js:21 semgrep

Spreading entire process.env into an object — may capture all secrets 19 | import { getSkillSearchPaths } from '../skill-paths.js'; 20 | describe('getSkillSearchPaths', () => { > 21 | const originalEnv = { ...process.env }; 22 | beforeEach(() => { 23 | vi.clearAllMocks();

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.js:54 semgrep

Spreading entire process.env into an object — may capture all secrets 52 | }); 53 | describe('shouldCheckpoint', () => { > 54 | const originalEnv = { ...process.env }; 55 | beforeEach(() => { 56 | vi.clearAllMocks();

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.4

20 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.js:26 semgrep

Spreading entire process.env into an object — may capture all secrets 24 | execFileSync('git', ['init'], { 25 | cwd: cleoDir, > 26 | env: { 27 | ...process.env, 28 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 34 | cwd: cleoDir, > 35 | env: { 36 | ...process.env, 37 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:43 semgrep

Spreading entire process.env into an object — may capture all secrets 41 | execFileSync('git', ['config', 'user.name', 'Test'], { 42 | cwd: cleoDir, > 43 | env: { 44 | ...process.env, 45 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:53 semgrep

Spreading entire process.env into an object — may capture all secrets 51 | execFileSync('git', ['add', 'config.json'], { 52 | cwd: cleoDir, > 53 | env: { 54 | ...process.env, 55 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:61 semgrep

Spreading entire process.env into an object — may capture all secrets 59 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 60 | cwd: cleoDir, > 61 | env: { 62 | ...process.env, 63 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:127 semgrep

Spreading entire process.env into an object — may capture all secrets 125 | // Modify a file and commit 126 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 127 | const gitEnv = { 128 | ...process.env, 129 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:709 semgrep

Spreading entire process.env into an object — may capture all secrets 707 | } 708 | > 709 | const gitEnv: NodeJS.ProcessEnv = { 710 | ...process.env, 711 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.js:21 semgrep

Spreading entire process.env into an object — may capture all secrets 19 | import { getSkillSearchPaths } from '../skill-paths.js'; 20 | describe('getSkillSearchPaths', () => { > 21 | const originalEnv = { ...process.env }; 22 | beforeEach(() => { 23 | vi.clearAllMocks();

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.js:54 semgrep

Spreading entire process.env into an object — may capture all secrets 52 | }); 53 | describe('shouldCheckpoint', () => { > 54 | const originalEnv = { ...process.env }; 55 | beforeEach(() => { 56 | vi.clearAllMocks();

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.3

20 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.js:26 semgrep

Spreading entire process.env into an object — may capture all secrets 24 | execFileSync('git', ['init'], { 25 | cwd: cleoDir, > 26 | env: { 27 | ...process.env, 28 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 34 | cwd: cleoDir, > 35 | env: { 36 | ...process.env, 37 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:43 semgrep

Spreading entire process.env into an object — may capture all secrets 41 | execFileSync('git', ['config', 'user.name', 'Test'], { 42 | cwd: cleoDir, > 43 | env: { 44 | ...process.env, 45 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:53 semgrep

Spreading entire process.env into an object — may capture all secrets 51 | execFileSync('git', ['add', 'config.json'], { 52 | cwd: cleoDir, > 53 | env: { 54 | ...process.env, 55 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:61 semgrep

Spreading entire process.env into an object — may capture all secrets 59 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 60 | cwd: cleoDir, > 61 | env: { 62 | ...process.env, 63 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:127 semgrep

Spreading entire process.env into an object — may capture all secrets 125 | // Modify a file and commit 126 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 127 | const gitEnv = { 128 | ...process.env, 129 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:709 semgrep

Spreading entire process.env into an object — may capture all secrets 707 | } 708 | > 709 | const gitEnv: NodeJS.ProcessEnv = { 710 | ...process.env, 711 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.js:21 semgrep

Spreading entire process.env into an object — may capture all secrets 19 | import { getSkillSearchPaths } from '../skill-paths.js'; 20 | describe('getSkillSearchPaths', () => { > 21 | const originalEnv = { ...process.env }; 22 | beforeEach(() => { 23 | vi.clearAllMocks();

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.js:54 semgrep

Spreading entire process.env into an object — may capture all secrets 52 | }); 53 | describe('shouldCheckpoint', () => { > 54 | const originalEnv = { ...process.env }; 55 | beforeEach(() => { 56 | vi.clearAllMocks();

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.2

20 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.js:26 semgrep

Spreading entire process.env into an object — may capture all secrets 24 | execFileSync('git', ['init'], { 25 | cwd: cleoDir, > 26 | env: { 27 | ...process.env, 28 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 34 | cwd: cleoDir, > 35 | env: { 36 | ...process.env, 37 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:43 semgrep

Spreading entire process.env into an object — may capture all secrets 41 | execFileSync('git', ['config', 'user.name', 'Test'], { 42 | cwd: cleoDir, > 43 | env: { 44 | ...process.env, 45 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:53 semgrep

Spreading entire process.env into an object — may capture all secrets 51 | execFileSync('git', ['add', 'config.json'], { 52 | cwd: cleoDir, > 53 | env: { 54 | ...process.env, 55 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:61 semgrep

Spreading entire process.env into an object — may capture all secrets 59 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 60 | cwd: cleoDir, > 61 | env: { 62 | ...process.env, 63 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:127 semgrep

Spreading entire process.env into an object — may capture all secrets 125 | // Modify a file and commit 126 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 127 | const gitEnv = { 128 | ...process.env, 129 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:709 semgrep

Spreading entire process.env into an object — may capture all secrets 707 | } 708 | > 709 | const gitEnv: NodeJS.ProcessEnv = { 710 | ...process.env, 711 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.js:21 semgrep

Spreading entire process.env into an object — may capture all secrets 19 | import { getSkillSearchPaths } from '../skill-paths.js'; 20 | describe('getSkillSearchPaths', () => { > 21 | const originalEnv = { ...process.env }; 22 | beforeEach(() => { 23 | vi.clearAllMocks();

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.js:54 semgrep

Spreading entire process.env into an object — may capture all secrets 52 | }); 53 | describe('shouldCheckpoint', () => { > 54 | const originalEnv = { ...process.env }; 55 | beforeEach(() => { 56 | vi.clearAllMocks();

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.4.0

20 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.js:26 semgrep

Spreading entire process.env into an object — may capture all secrets 24 | execFileSync('git', ['init'], { 25 | cwd: cleoDir, > 26 | env: { 27 | ...process.env, 28 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 34 | cwd: cleoDir, > 35 | env: { 36 | ...process.env, 37 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:43 semgrep

Spreading entire process.env into an object — may capture all secrets 41 | execFileSync('git', ['config', 'user.name', 'Test'], { 42 | cwd: cleoDir, > 43 | env: { 44 | ...process.env, 45 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:53 semgrep

Spreading entire process.env into an object — may capture all secrets 51 | execFileSync('git', ['add', 'config.json'], { 52 | cwd: cleoDir, > 53 | env: { 54 | ...process.env, 55 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:61 semgrep

Spreading entire process.env into an object — may capture all secrets 59 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 60 | cwd: cleoDir, > 61 | env: { 62 | ...process.env, 63 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:127 semgrep

Spreading entire process.env into an object — may capture all secrets 125 | // Modify a file and commit 126 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 127 | const gitEnv = { 128 | ...process.env, 129 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:572 semgrep

Spreading entire process.env into an object — may capture all secrets 570 | } 571 | > 572 | const gitEnv: NodeJS.ProcessEnv = { 573 | ...process.env, 574 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.js:21 semgrep

Spreading entire process.env into an object — may capture all secrets 19 | import { getSkillSearchPaths } from '../skill-paths.js'; 20 | describe('getSkillSearchPaths', () => { > 21 | const originalEnv = { ...process.env }; 22 | beforeEach(() => { 23 | vi.clearAllMocks();

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.js:54 semgrep

Spreading entire process.env into an object — may capture all secrets 52 | }); 53 | describe('shouldCheckpoint', () => { > 54 | const originalEnv = { ...process.env }; 55 | beforeEach(() => { 56 | vi.clearAllMocks();

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.3.76

20 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@cleocode/core' is 1 edit(s) away from popular package 'cors'.

HIGH env-spread: src/__tests__/remote.test.js:26 semgrep

Spreading entire process.env into an object — may capture all secrets 24 | execFileSync('git', ['init'], { 25 | cwd: cleoDir, > 26 | env: { 27 | ...process.env, 28 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 34 | cwd: cleoDir, > 35 | env: { 36 | ...process.env, 37 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:43 semgrep

Spreading entire process.env into an object — may capture all secrets 41 | execFileSync('git', ['config', 'user.name', 'Test'], { 42 | cwd: cleoDir, > 43 | env: { 44 | ...process.env, 45 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:53 semgrep

Spreading entire process.env into an object — may capture all secrets 51 | execFileSync('git', ['add', 'config.json'], { 52 | cwd: cleoDir, > 53 | env: { 54 | ...process.env, 55 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:61 semgrep

Spreading entire process.env into an object — may capture all secrets 59 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 60 | cwd: cleoDir, > 61 | env: { 62 | ...process.env, 63 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.js:127 semgrep

Spreading entire process.env into an object — may capture all secrets 125 | // Modify a file and commit 126 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 127 | const gitEnv = { 128 | ...process.env, 129 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:37 semgrep

Spreading entire process.env into an object — may capture all secrets 35 | execFileSync('git', ['init'], { 36 | cwd: cleoDir, > 37 | env: { 38 | ...process.env, 39 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:47 semgrep

Spreading entire process.env into an object — may capture all secrets 45 | execFileSync('git', ['config', 'user.email', '[email protected]'], { 46 | cwd: cleoDir, > 47 | env: { 48 | ...process.env, 49 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:55 semgrep

Spreading entire process.env into an object — may capture all secrets 53 | execFileSync('git', ['config', 'user.name', 'Test'], { 54 | cwd: cleoDir, > 55 | env: { 56 | ...process.env, 57 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:66 semgrep

Spreading entire process.env into an object — may capture all secrets 64 | execFileSync('git', ['add', 'config.json'], { 65 | cwd: cleoDir, > 66 | env: { 67 | ...process.env, 68 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:74 semgrep

Spreading entire process.env into an object — may capture all secrets 72 | execFileSync('git', ['commit', '-m', 'init', '--no-verify'], { 73 | cwd: cleoDir, > 74 | env: { 75 | ...process.env, 76 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/__tests__/remote.test.ts:146 semgrep

Spreading entire process.env into an object — may capture all secrets 144 | // Modify a file and commit 145 | await writeFile(join(cleoDir, 'config.json'), '{"version":"2.11.0"}'); > 146 | const gitEnv = { 147 | ...process.env, 148 | GIT_DIR: join(cleoDir, '.git'),

HIGH env-spread: src/scaffold.ts:572 semgrep

Spreading entire process.env into an object — may capture all secrets 570 | } 571 | > 572 | const gitEnv: NodeJS.ProcessEnv = { 573 | ...process.env, 574 | GIT_DIR: cleoGitDir,

HIGH env-spread: src/skills/__tests__/skill-paths.test.js:21 semgrep

Spreading entire process.env into an object — may capture all secrets 19 | import { getSkillSearchPaths } from '../skill-paths.js'; 20 | describe('getSkillSearchPaths', () => { > 21 | const originalEnv = { ...process.env }; 22 | beforeEach(() => { 23 | vi.clearAllMocks();

HIGH env-spread: src/skills/__tests__/skill-paths.test.ts:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | 24 | describe('getSkillSearchPaths', () => { > 25 | const originalEnv = { ...process.env }; 26 | 27 | beforeEach(() => {

HIGH env-spread: src/store/__tests__/git-checkpoint.test.js:54 semgrep

Spreading entire process.env into an object — may capture all secrets 52 | }); 53 | describe('shouldCheckpoint', () => { > 54 | const originalEnv = { ...process.env }; 55 | beforeEach(() => { 56 | vi.clearAllMocks();

HIGH env-spread: src/store/__tests__/git-checkpoint.test.ts:78 semgrep

Spreading entire process.env into an object — may capture all secrets 76 | 77 | describe('shouldCheckpoint', () => { > 78 | const originalEnv = { ...process.env }; 79 | 80 | beforeEach(() => {

HIGH env-spread: src/store/git-checkpoint.ts:32 semgrep

Spreading entire process.env into an object — may capture all secrets 30 | // is a relative path (e.g. '.cleo' returned by getCleoDir() with no cwd arg) 31 | const abs = resolve(cleoDir); > 32 | return { 33 | ...process.env, 34 | GIT_DIR: join(abs, '.git'),

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.3.74

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.3.73

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.3.72

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.3.71

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.3.70

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.3.69

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.3.68

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.3.67

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.3.66

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.3.65

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.3.64

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.3.63

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.3.62

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.3.61

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.3.60

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.3.59

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.3.58

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.3.57

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.3.56

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.3.55

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.3.54

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.3.53

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.3.52

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.3.51

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.3.50

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.3.49

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.3.48

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.3.47

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.3.46

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.3.45

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2026.3.44

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.