MCP Observatory
npm analyzed 2.97.0

fallow

v2.97.0
npm

Deterministic codebase intelligence for TypeScript and JavaScript. Quality, risk, architecture, dependencies, duplication, and safe cleanup evidence for humans, CI, and agents. Optional runtime intelligence layer (Fallow Runtime) adds production execution

maintainer
bartwaardenburg
license
MIT
first seen
2026-05-22
last seen
2026-06-17
releases · 30d
26
short id

Drift inferred · capture-to-capture

  1. HIGH code analysis flagged hidden prompt content in fallow
capabilities 0 tools
transport stdio counts 0 tools · 0 res · 0 prompts permission surface via code analysis

no tools enumerated yet for this server.

skills & danger signals npm-tarball
prompt-surface shipped agent-instruction files + hidden-content / dangerous-code findings — quoted from the analyzed source

analyzed v2.97.0 · analyzer v18 · 11h ago

skills & prompt files 1

  • ⚠ hidden: skill: skill-exfilpackage/skills/fallow/SKILL.md:115secret→sink: | `security` | Surface opt-in local security candidates for agent verification (not confirmed vulnerabilities). Rule families include the graph rule `client-server-leak`, a data-driven `t
code evidence v2.97.0 · npm-tarball
evidence-backed findings quoted directly from the published source artifact — not inferred

filesystem 4

  • fs package/scripts/lazy-verify.js :22 const fs = require("node:fs");
  • fs package/scripts/run-binary.js :13 const fs = require("node:fs");
  • fs package/scripts/sentinel-path.js :14 const fs = require("node:fs");
  • fs package/scripts/verify-binary.js :28 const fs = require("node:fs");

shell / exec 1

  • shell package/scripts/run-binary.js :11 const { execFileSync } = require("node:child_process");

network 1

  • net package/scripts/verify-binary.js :29 const https = require("node:https");

declared dependencies 10

  • detect-libc@2.1.2
  • @tanstack/intent@0.0.42
  • @fallow-cli/darwin-arm64@2.97.0
  • @fallow-cli/darwin-x64@2.97.0
  • @fallow-cli/linux-x64-gnu@2.97.0
  • @fallow-cli/linux-arm64-gnu@2.97.0
  • @fallow-cli/linux-x64-musl@2.97.0
  • @fallow-cli/linux-arm64-musl@2.97.0
  • @fallow-cli/win32-arm64-msvc@2.97.0
  • @fallow-cli/win32-x64-msvc@2.97.0