registry  /  @aiscene/aiserver  /  1.9.4

@aiscene/aiserver@1.9.4

AI automation server with device management, task scheduling, and debug capabilities

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 73 file(s), 775 KB of source, external domains: 127.0.0.1, autobots-bk.jd.local, clawai.jd.com, modelservice.jdcloud.com, nethp-test.jd.com, opentest.jd.com, opentestai.jd.com, proxy-pc.jd.com, ssa.jd.com, storage.jd.com

Source & flagged code

1 flagged · loading source
dist/.envView file
32patternName = blocked_file severity = critical matchedText = dist/.env redactedSecretContext = secretLikeLines = 4 L32: OPENAI_API_KEY=<redacted:0 empty> L47: MIDSCENE_MODEL_API_KEY=<redacted:39 token-like> L48: MIDSCENE_MODEL_NAME=<redacted:29 token-like> L49: MIDSCENE_MODEL_FAMILY=<redacted:22 token-like>
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/.envView on unpkg · L32

Findings

1 Critical2 Medium4 Low
CriticalCritical Secretdist/.env
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings