Static Scan Results
scanned 7h ago · by rust-scanner
Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · EnvironmentVars · Filesystem · Network
HighEntropyStrings · UrlStrings
NoLicense
Source & flagged code
1 flagged · dist/plugin2.js
L253: */
L254: const SESSIONS_DIR = join(homedir(), ".alfe", "sessions", "chat");
L255: const MAX_SESSIONS = 1e3;
...
L301: const data = await readFile(sessionPath(sessionId), "utf-8");
L302: return JSON.parse(data);
L303: } catch {
...
L554: * - `https:` only.
L555: * - Userinfo (`https://u:p@host/...`) is rejected.
L556: * - IP-literal hosts (v4 or bracketed v6) are rejected outright — only
...
L560: *
L561: * Operators running an agent in a private network that needs to dereference
L562: * additional hosts can extend the list via the
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/plugin2.js · L253
Findings
1 High · 2 Medium · 5 Low
High · Cloud Metadata Access · dist/plugin2.js
Medium · Network
Medium · Environment Vars
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · No License