Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/build-image.jsView file
1import { execSync } from "node:child_process";
L2: import { copyFileSync, existsSync, mkdirSync, readdirSync, readFileSync, statSync, writeFileSync, } from "node:fs";
High
Child Process
Package source references child process execution.
dist/build-image.jsView on unpkg · L1dist/bundle.mjsView file
13// src/build-image.ts
L14: import { execSync } from "node:child_process";
L15: import {
...
L97: mkdirSync(buildContext, { recursive: true });
L98: let dockerfile = readFileSync(getShippedDockerfile(), "utf8");
L99: if (templatePath && templateName) {
...
L648: return true;
L649: if (process.env.LITELLM_MASTER_KEY)
L650: return true;
High
Remote Agent Bridge
Source exposes local file and command tools to a remote model endpoint.
dist/bundle.mjsView on unpkg · L13574try {
L575: const fs2 = await import("node:fs");
L576: const path2 = await import("node:path");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/bundle.mjsView on unpkg · L574Findings
3 High4 Medium4 Low
HighChild Processdist/build-image.js
HighShell
HighRemote Agent Bridgedist/bundle.mjs
MediumDynamic Requiredist/bundle.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings