registry / record
@wonderwhy-er/desktop-commander
> throne registry @wonderwhy-er/desktop-commander
sealed
- scan id
- 7a5582e75f7746d6866326645686e473
- target
- @wonderwhy-er/desktop-commander
- sealed at
- 2026-06-12 18:21:54Z
- evidence hash
- sha256:bbc686fa148c054a8570d025a2f5375831c561909224e012095e830141383b74
step timed out after 10s
not run — connect failed
not run — connect failed
not run — connect failed
not run — connect failed
not run — connect failed
not run — connect failed
not run — connect failed
not run — connect failed
step timed out after 10s
not run — connect failed
not run — connect failed
not run — connect failed
not run — connect failed
not run — connect failed
not run — connect failed
not run — connect failed
not run — connect failed
"postinstall" runs arbitrary code on every npm install: 'node dist/track-installation.js && node dist/npm-scripts/verify-ripgrep.js || node -e "process.exit('
package/package.json"prepare" runs on git-dependency installs and local dev (not registry installs): 'npm run build'
package/package.jsonspawn() called with a dynamically built command (heuristic — review): 'whichCommand, [commandName], { windowsHide: true }); // Prevent visible console '
package/dist/remote-device/desktop-commander-integration.js:79spawn() called with a dynamically built command (heuristic — review): 'rgPath, args, { windowsHide: true }); // Prevent visible console windows on Wind'
package/dist/search-manager.js:36exec() called with a dynamically built command (heuristic — review): 'xml)) !== null) {'
package/dist/search-manager.js:428exec() called with a dynamically built command (heuristic — review): 'actualCommand, { timeout: 10000 }, (error, stdout, stderr) => {'
package/dist/setup-claude-server.js:544spawn() called with a dynamically built command (heuristic — review): 'spawnConfig.executable, spawnConfig.args, spawnOptions);'
package/dist/terminal-manager.js:193spawn() called with a dynamically built command (heuristic — review): 'process.execPath, [tempFile], {'
package/dist/tools/improved-process-tools.js:28execSync() called with a dynamically built command (heuristic — review): "`ps -p ${ppid} -o command=`, { encoding: 'utf8' }).trim();"
package/dist/track-installation.js:109exec() called with a dynamically built command (heuristic — review): 'actualCommand, { timeout: 10000 }, (error, stdout, stderr) => {'
package/dist/uninstall-claude-server.js:422execSync() called with a dynamically built command (heuristic — review): "`${whichCmd} ${systemRg}`, { encoding: 'utf-8' }).trim().split(/\\r?\\n/)[0];"
package/dist/utils/ripgrep-resolver.js:38execSync() called with a dynamically built command (heuristic — review): '`${cmd} --version`, {'
package/dist/utils/system-info.js:37412 non-local endpoint host(s) referenced in code — verify each is expected for this server's purpose: (package/dist/ui/file-preview/src/markdown/editor.js:662), calendar.app.google (package/dist/setup-claude-server.js:621), claude.ai (package/dist/setup-claude-server.js:645), dc-telemetry-proxy-83847352264.europe-west1.run.app (package/dist/setup-claude-server.js:15), desktopcommander.app (package/dist/utils/dockerPrompt.js:24), discord.com (package/dist/setup-claude-server.js:622), mcp.desktopcommander.app (package/dist/remote-device/device.js:12), prosemirror.net (package/dist/ui/file-preview/preview-runtime.js:92), schemas.openxmlformats.org (package/dist/utils/files/docx.js:405), tally.so (package/dist/tools/feedback.js:76), telemetry.desktopcommander.app (package/dist/setup-claude-server.js:14), www.google.com (package/dist/tools/pdf/markdown.js:269)
package/dist/remote-device/device.js:12base64-like blob of 4504 chars in a file that also decodes/executes data
package/dist/ui/file-preview/preview-runtime.js:217maintainer of this server? challenge this record: hello@usethrone.dev. tell us what we got wrong and we re-run it in the open.
this page renders the stored record of a real run. nothing on it is asserted without the execution that proved it.