Static Scan Results
scanned 13d ago · by rust-scannerStatic analysis completed at 93.0% confidence. No malicious behavior was detected; 11 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/terminal/terminal-session.jsView file
40const path = __importStar(require("path"));
L41: const child_process_1 = require("child_process");
L42: const constants_1 = require("../constants");
...
L72: * 直接チェックする。Docker コンテナ内の Node.js プロセスは shell init を経由せず
L73: * 起動するため、process.env.PATH がインタラクティブシェルの PATH と異なり
L74: * spawnSync がバイナリを見つけられないことがある。
...
L101: *
L102: * API サーバーが base64 エンコードされた PEM 秘密鍵をこの変数名で送ってくる。
L103: * TerminalSession はこれを検出してファイルに書き出し、GIT_SSH_COMMAND を設定する。
...
L123: * (clear grace timer + remove from map). It is kept separate from the public
L124: * `exitCallback` so that a later `onExit()` registration by the websocket
L125: * handler (which sends the 'exit' frame) does NOT overwrite the manager's
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
dist/terminal/terminal-session.jsView on unpkg · L40docker/entrypoint.shView file
•path = docker/entrypoint.sh
kind = build_helper
sizeBytes = 335
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
docker/entrypoint.shView on unpkgdist/repo-sync.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @ai-support-agent/cli@0.1.32
matchedIdentity = npm:QGFpLXN1cHBvcnQtYWdlbnQvY2xp:0.1.32
similarity = 0.750
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/repo-sync.jsView on unpkgFindings
1 High5 Medium5 Low
HighPrevious Version Dangerous Deltadist/repo-sync.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/terminal/terminal-session.js
MediumShips Build Helperdocker/entrypoint.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings