Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/core/openspec.jsView file
1import { execSync } from "node:child_process";
L2: import fs from "node:fs";
High
Child Process
Package source references child process execution.
dist/core/openspec.jsView on unpkg · L121function installOpenspecGlobally() {
L22: execSync("npm install -g openspec", {
L23: stdio: ["ignore", "ignore", "ignore"],
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/core/openspec.jsView on unpkg · L21Findings
3 High1 Medium4 Low
HighChild Processdist/core/openspec.js
HighShell
HighRuntime Package Installdist/core/openspec.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings