Static Scan Results
scanned 1d ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
3 flagged · loading sourcedist/modes/sandbox-client.jsView file
39},
L40: async exec(handle, command, options) {
L41: const internal = handle;
High
Child Process
Package source references child process execution.
dist/modes/sandbox-client.jsView on unpkg · L3932await internal.sandbox.fs.uploadFiles(files);
L33: // Same offline-friendly npm install pattern as the proxy path so
L34: // the bundle's runtime dep resolves consistently across modes.
...
L39: },
L40: async exec(handle, command, options) {
L41: const internal = handle;
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/modes/sandbox-client.jsView on unpkg · L32dist/bundle.test.jsView file
84await writeFile(path.join(packageDir, 'index.cjs'), [
L85: "const process = require('process');",
L86: 'module.exports = process.release.name;',
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/bundle.test.jsView on unpkg · L84Findings
3 High4 Medium5 Low
HighChild Processdist/modes/sandbox-client.js
HighShell
HighRuntime Package Installdist/modes/sandbox-client.js
MediumDynamic Requiredist/bundle.test.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License