Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
3 flagged · loading sourcedist/modes/sandbox-client.jsView file
39},
L40: async exec(handle, command, options) {
L41: const internal = handle;
High
Child Process
Package source references child process execution.
dist/modes/sandbox-client.jsView on unpkg · L3932await internal.sandbox.fs.uploadFiles(files);
L33: // Same offline-friendly npm install pattern as the proxy path so
L34: // the bundle's runtime dep resolves consistently across modes.
...
L39: },
L40: async exec(handle, command, options) {
L41: const internal = handle;
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/modes/sandbox-client.jsView on unpkg · L32dist/bundle.test.jsView file
9import { runtimeContextEnv } from './runtime-context.js';
L10: const require = createRequire(import.meta.url);
L11: function persona(overrides = {}) {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/bundle.test.jsView on unpkg · L9Findings
3 High4 Medium5 Low
HighChild Processdist/modes/sandbox-client.js
HighShell
HighRuntime Package Installdist/modes/sandbox-client.js
MediumDynamic Requiredist/bundle.test.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License