Static Scan Results
scanned 13h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsMinifiedProtestwareTelemetryUrlStrings
Source & flagged code
3 flagged · loading sourcedist-cli/index.jsView file
531patternName = private_key_rsa
severity = critical
line = 531
matchedText = if (kind...d]";
Critical
Critical Secret
Package contains a critical-looking secret pattern.
dist-cli/index.jsView on unpkg · L531531patternName = private_key_rsa
severity = critical
line = 531
matchedText = if (kind...d]";
Critical
16Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: environment+network, sensitive-file+network, execution+network
L16: });
L17: import { spawn } from "child_process";
L18: function openBrowser(url) {
L19: try {
L20: const platform = process.platform;
L21: const cmd = platform === "darwin" ? "open" : platform === "win32" ? "cmd" : "xdg-open";
...
L56: import { homedir } from "os";
L57: var DEFAULT_CONFIG_DIR = join(homedir(), ".aster-agent-console");
L58: var DEFAULT_DB_PATH = join(DEFAULT_CONFIG_DIR, "agent-console.db");
...
L301: try {
L302: m = JSON.parse(row.metrics_json);
L303: } catch {
High
Entrypoint Build Divergence
Manifest entrypoint contains risky behavior absent from dist/build output.
dist-cli/index.jsView on unpkg · L16Findings
2 Critical1 High4 Medium5 Low
CriticalCritical Secretdist-cli/index.js
CriticalSecret Patterndist-cli/index.js
HighEntrypoint Build Divergencedist-cli/index.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings