Static Scan Results
scanned 5h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/bin.jsView file
9// src/util/theme.ts
L10: var noColor = process.env.NO_COLOR != null || process.env.TERM === "dumb" || !process.stdout.isTTY && process.env.FORCE_COLOR == null;
L11: var ESC = "\x1B[";
...
L161: } from "fs";
L162: var CONFIG_DIR = join(homedir(), ".badgie");
L163: var AUTH_FILE = join(CONFIG_DIR, "auth.json");
L164: var CONFIG_FILE = join(CONFIG_DIR, "config.json");
L165: var MCP_URL = process.env.BADGIE_MCP_URL ?? "https://www.badgie.com/api/mcp/mcp";
L166: var MCP_ORIGIN = process.env.BADGIE_ORIGIN ?? "https://www.badgie.com";
...
L171: try {
L172: return JSON.parse(readFileSync(AUTH_FILE, "utf8"));
L173: } catch {
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/bin.jsView on unpkg · L9Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/bin.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings