Static Scan Results
scanned 1d ago · by rust-scanner
Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · EnvironmentVars · Filesystem · Network
HighEntropyStrings · UrlStrings
NoLicense
Source & flagged code
1 flagged · dist/plugin2.js
L253: */
L254: const SESSIONS_DIR = join(homedir(), ".alfe", "sessions", "chat");
L255: const MAX_SESSIONS = 1e3;
...
L301: const data = await readFile(sessionPath(sessionId), "utf-8");
L302: return JSON.parse(data);
L303: } catch {
...
L529: * - `https:` only.
L530: * - Userinfo (`https://u:p@host/...`) is rejected.
L531: * - IP-literal hosts (v4 or bracketed v6) are rejected outright — only
...
L535: *
L536: * Operators running an agent in a private network that needs to dereference
L537: * additional hosts can extend the list via the
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/plugin2.js · L253
Findings
1 High · 2 Medium · 5 Low
High · Cloud Metadata Access · dist/plugin2.js
Medium · Network
Medium · Environment Vars
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · No License