Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 7 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoFilesystemNetwork
HighEntropyStrings
Source & flagged code
2 flagged · loading sourcedist/content.jsView file
1import { lookup as dnsLookup } from "node:dns/promises";
L2: import { request as httpRequest } from "node:http";
...
L112: }
L113: if (policy.denyPrivateHosts === false)
L114: return;
...
L190: if (source === "data") {
L191: bytes = decodeBase64Bounded(readDataField(block), maxItemBytes);
L192: }
...
L221: transcript: readTranscript(block),
L222: metadata: "metadata" in block ? block.metadata : undefined,
L223: };
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/content.jsView on unpkg · L1dist/agents.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @arnilo/prism@0.0.4
matchedIdentity = npm:QGFybmlsby9wcmlzbQ:0.0.4
similarity = 0.869
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/agents.jsView on unpkgFindings
2 High2 Medium3 Low
HighCloud Metadata Accessdist/content.js
HighPrevious Version Dangerous Deltadist/agents.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings