Static Scan Results
scanned 8h ago · by rust-scanner
Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess, EnvironmentVars, Filesystem, Network, Shell, HighEntropyStrings, Minified, Protestware, Telemetry, UrlStrings
Source & flagged code
4 flagged
dist-cli/index.js
Line 814: patternName = private_key_rsa
severity = critical
line = 814
matchedText = if (kind...d]";
Critical
Critical Secret
Package contains a critical-looking secret pattern.
dist-cli/index.js · L814
Critical
Line 214: Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: environment+network, sensitive-file+network, execution+network
L214: try {
L215: m = JSON.parse(row.metrics_json);
L216: } catch {
...
L222: if (row.type === "test_result") {
L223: if (typeof m.exitCode === "number" && m.exitCode !== 0) testsFailed += 1;
L224: else testsPassed += 1;
...
L445: "use strict";
L446: DEFAULT_CONFIG_DIR = join(homedir(), ".aster-agent-console");
L447: DEFAULT_DB_PATH = join(DEFAULT_CONFIG_DIR, "agent-console.db");
...
L606: });
L607: import { spawn } from "child_process";
L608: function openBrowser(url) {
High
Entrypoint Build Divergence
Manifest entrypoint contains risky behavior absent from dist/build output.
dist-cli/index.js · L214
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
dist-cli/index.js · L214
Findings
2 Critical · 1 High · 5 Medium · 5 Low
Critical · Critical Secret · dist-cli/index.js
Critical · Secret Pattern · dist-cli/index.js
High · Entrypoint Build Divergence · dist-cli/index.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · dist-cli/index.js
Medium · Protestware
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Telemetry
Low · Url Strings