Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcesrc/config.mjsView file
1import { execFile } from "node:child_process";
L2: import { chmod, mkdir, readFile, rm, writeFile } from "node:fs/promises";
...
L10:
L11: function configHome(env = process.env) {
L12: return env.XDG_CONFIG_HOME || path.join(os.homedir(), ".config");
L13: }
...
L30:
L31: async function writeFilePrivate(filePath, value) {
L32: await mkdir(path.dirname(filePath), { recursive: true, mode: 0o700 });
...
L38: try {
L39: const parsed = JSON.parse(await readFile(configPath(env), "utf8"));
L40: return {
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
src/config.mjsView on unpkg · L11scView file
•path = 1sc
kind = native_binary
sizeBytes = 10535746
magicHex = [redacted]
Medium
Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitysrc/config.mjs
MediumEnvironment Vars
MediumShips Native Binary1sc
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License