Static Scan Results
scanned 16h ago · by rust-scannerStatic analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsEvalFilesystem
HighEntropyStrings
Source & flagged code
2 flagged · loading sourcedist/web/index.jsView file
37try {
L38: const fn = new Function('return (async () => {' + code + '\\n})()')
L39: await fn()
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/web/index.jsView on unpkg · L37dist/sandbox.cjsView file
2package = @agentskit/sandbox; repositoryIdentity = agentskit; dependency = @agentskit/core
L2:
L3: var core = require('@agentskit/core');
L4:
High
Copied Package Dependency Bridge
Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/sandbox.cjsView on unpkg · L2Findings
1 High2 Medium4 Low
HighCopied Package Dependency Bridgedist/sandbox.cjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/web/index.js
LowFilesystem
LowHigh Entropy Strings