Assessment Date: December 25, 2025
Assessed Version: V1.14.4 (commit b09b771)
Assessor: Claude (Anthropic AI)
Assessment Scope: Full codebase review for malicious code, backdoors, data exfiltration, botnet indicators, and security vulnerabilities
Findings
- Medium: The update flow downloads and executes a remote installer script without signature or checksum verification, so a compromised GitHub repo or MITM could execute arbitrary code during update. References: mole:282, mole:289, mole:296, mole:384, install.sh:115, install.sh:121, install.sh:135
- Low: The interactive analyzer deletes user-selected paths via `os.RemoveAll` without a denylist or path validation layer; a mistaken selection (or running as root) could remove critical data. References: cmd/analyze/delete.go:76, cmd/analyze/delete.go:118
- Low: Auto-fix and Touch ID helpers modify security-sensitive system settings (firewall state, PAM config, Rosetta install) using `sudo`. These are user-initiated but high-impact operations worth flagging. References: lib/manage/autofix.sh:132, lib/manage/autofix.sh:149, lib/manage/autofix.sh:162, bin/touchid.sh:82, bin/touchid.sh:111
Assessment (Maliciousness)
- I found no evidence of data exfiltration, telemetry, or C2 behavior; network access appears limited to GitHub
```r
x <- 1
x <- 2
x <- 3
x <- 4
x <- 5
x <- 6
x <- 7
x <- 8
x <- 9
x <- 10
```
As a powerful high-level dynamic programming language, Julia has gained a lot of popularity among data scientists, engineers, and researchers. It is often considered a more efficient alternative to Python, R, and MATLAB, with a syntax that is easy to read and write. However, despite its strengths, there are some criticisms of Julia that should be taken into consideration.
First and foremost, the Julia programming language has a relatively small ecosystem compared to other programming languages. While it does have a growing community of developers, it does not have the same level of support and resources as languages like Python or Java. This can make it difficult for developers to find the necessary tools and libraries to accomplish their tasks.
Another major criticism of Julia is its lack of backwards compatibility. The language is still in its early stages of development, and as a result, changes to the syntax and features are common. While t
```julia
julia> import Printf: @printf
julia> f(x) = 1 / (x - floor(Int, x))
f (generic function with 1 method)
julia> function g(n, x₀ = 0.43233208718590286890)
           x = x₀
           for i in 1:n
               x = f(x)
               @printf("%d\t%s\n", i, x)
```
```
johnmyleswhite@foobar:~/R-4.1.2$ bin/R
do_invisible
do_invisible
do_invisible
do_invisible
do_invisible
do_invisible
do_invisible
do_invisible
do_invisible
```
```r
> visible_plus_one <- function (x) {x}
>
> invisible_plus_one <- function (x) {invisible(x)}
>
> visible_plus_one(1)
[1] 1
> invisible_plus_one(1)
>
> visible_plus_one(1) + 1
[1] 2
```
```julia
import MacroTools: postwalk
function missing_check(es)
    if length(es) == 0
        false
    elseif length(es) == 1
        Expr(:call, :ismissing, es[1])
    elseif length(es) == 2
        Expr(
            :call,
```
```julia
struct ExpressionThunk
    source::Any
    thunk::Any
end
macro thunk(e)
    quote
        ExpressionThunk(
            $(QuoteNode(e)),
            () -> $(esc(e))
```