Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/mcp-proxy.jsView file
12*/
L13: import { spawn } from 'child_process';
L14: import { createInterface } from 'readline';
High
dist/common.jsView file
384// sudo never blocks waiting for a password the ink TUI can't deliver.
L385: export const SUDO_HINT = `Re-run after caching sudo credentials:\n sudo -v && npx @buffbirb/unclaude@latest install`;
L386: export async function sudoRun(args) {
L387: return new Promise((resolve, reject) => {
L388: const proc = spawn('sudo', ['-n', ...args], { stdio: ['ignore', 'ignore', 'pipe'] });
L389: proc.on('close', c => (c === 0 ? resolve() : reject(new Error(`sudo ${args[0]} failed (${c})`))));
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/common.jsView on unpkg · L3841import { execFile, execFileSync, spawn } from 'child_process';
L2: import { promisify } from 'util';
...
L6: // ── Paths ────────────────────────────────────────────────────────────────────
L7: export const HOME = homedir();
L8: export const AIRC = join(HOME, '.airc');
L9: export const ZSHRC = join(HOME, '.zshrc');
L10: export const CLAUDE_SETTINGS = join(HOME, '.claude', 'settings.json');
...
L145: }
L146: if (process.platform === 'darwin' && supported('appleSandbox')) {
L147: items.push({ id: 'appleSandbox', label: FEATURE_LABELS.appleSandbox, indent: false });
...
L266: export async function run(cmd, args = []) {
L267: const { stdout } = await execFileAsync(cmd, args);
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
dist/common.jsView on unpkg · L1Findings
3 High4 Medium5 Low
HighChild Processdist/mcp-proxy.js
HighShell
HighRuntime Package Installdist/common.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/common.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings