Static Scan Results
scanned 2d ago · by rust-scanner
Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
EnvironmentVars · Network · HighEntropyStrings · Minified · UrlStrings · CopyleftLicense
Source & flagged code
3 flagged
dist/cli.mjs
L1: #!/usr/bin/env node
L2: import{C as e,D as t,T as n,b as r,d as i,f as a,m as o,n as s,o as c,p as l,r as u,t as d,u as f,v as p,w as m}from"./src-D8VARgsy.mjs";import{constants as h,existsSync as g,readF...
L3: Found tools:
...
L45: # - Only HTTPS URLs are allowed (set security.enforceHttps: false to allow HTTP)
L46: # - Private IPs and localhost are blocked (set security.allowPrivateIPs: true for internal networks)
L47: # - Blocked ranges: 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16
Low
dist/src-DP2NGZ6s.cjs
L1: var e=Object.create,t=Object.defineProperty,n=Object.getOwnPropertyDescriptor,r=Object.getOwnPropertyNames,i=Object.getPrototypeOf,a=Object.prototype.hasOwnProperty,o=(e,i,o,s)=>{i...
L2: ---`,3);if(n===-1)return{frontMatter:null,content:e};let r=t.slice(4,n).trim();if(!r)return{frontMatter:null,content:e};let i={},a=r.split(`
High
Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src-DP2NGZ6s.cjs · L1
L1: var e=Object.create,t=Object.defineProperty,n=Object.getOwnPropertyDescriptor,r=Object.getOwnPropertyNames,i=Object.getPrototypeOf,a=Object.prototype.hasOwnProperty,o=(e,i,o,s)=>{i...
L2: ---`,3);if(n===-1)return{frontMatter:null,content:e};let r=t.slice(4,n).trim();if(!r)return{frontMatter:null,content:e};let i={},a=r.split(`
...
L4: `).trimEnd():c===`folded`?i[o]=s.join(` `).trim():i[o]=s.join(``).trim()),o=null,s=[],c=null,l=0};for(let e=0;e<a.length;e++){let t=a[e],n=t.trim(),r=t.indexOf(`:`);if(r!==-1&&!t.s...
L5: `)||``);return n?{promptName:t.name,skill:n.skill,autoDetected:!0}:null}catch(n){return this.logger.warn(`${D} Failed to fetch prompt '${t.name}' from ${e.serverName}: ${j(n)}`),nu...
L6: <instruction>
High
Command Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/src-DP2NGZ6s.cjs · L1
Findings
2 High · 2 Medium · 5 Low
High · Same File Env Network Execution · dist/src-DP2NGZ6s.cjs
High · Command Output Exfiltration · dist/src-DP2NGZ6s.cjs
Medium · Network
Medium · Environment Vars
Low · Scripts Present
Low · Weak Crypto · dist/cli.mjs
Low · High Entropy Strings
Low · Url Strings
Low · Copyleft License