Static Scan Results
scanned 2d ago · by rust-scanner
Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · EnvironmentVars · Filesystem · Network · Shell
HighEntropyStrings · UrlStrings
Source & flagged code
1 flagged · dist/index.js
L11: */
L12: import { createServer } from "node:http";
L13: import { spawn } from "node:child_process";
L14: import { chmodSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
...
L35: import { buildAuthorizeUrl, buildGateQuery, detectRuntime, ensureGitignoreEnv, installCommand, mergeMcpConfig, resolveProjectFlag, upsertEnv, wrapSnippet, } from "./project.js";
L36: const API_BASE = process.env["ARGOSVIX_API_BASE"] ?? "https://ingest.argosvix.com";
L37: const DASHBOARD_BASE = process.env["ARGOSVIX_DASHBOARD_BASE"] ?? "https://dashboard.argosvix.com";
...
L39: // Follow the system locale (fixes the inconsistency where Japanese environments were sent to /en; can be explicitly overridden with ARGOSVIX_LOCALE).
L40: const SYSTEM_LOCALE = Intl.DateTimeFormat().resolvedOptions().locale ?? "en";
L41: const LOCALE = process.env["ARGOSVIX_LOCALE"] ?? (SYSTEM_LOCALE.startsWith("ja") ? "ja" : "en");
...
L95: if (u.pathname !== callbackPath) {
L96: res.writeHead(404).end("not found");
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.js · L11
Findings
1 High · 3 Medium · 4 Low
High: Sandbox Evasion Gated Capability (dist/index.js)
Medium: Network
Medium: Environment Vars
Medium: Structural Risk Force Deep Review
Low: Scripts Present
Low: Filesystem
Low: High Entropy Strings
Low: Url Strings