Static Scan Results
scanned 10d ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
883async function gate() {
L884: if (!ensureInteractive("\uC544\uC774\uB514\uC5B4 \uAC80\uC99D\uC740 \uB300\uD654\uD615 \uC9C8\uBB38\uC774 \uD544\uC694\uD569\uB2C8\uB2E4. \uD130\uBBF8\uB110(PowerShell \uB4F1)\uC5D...
L885: console.log(chalk.bold(`
...
L1268: // VHK-006: 생성 프로젝트엔 docs/spec.md 가 없음 → vhk 저장소의 규격 문서를 외부 링크로 참조.
L1269: "\uC804\uCCB4 \uADDC\uACA9\uC740 [vhk \uADDC\uACA9 \uBB38\uC11C](https://github.com/byh3071-cpu/vhk/blob/main/docs/spec.md) (spec_version 1.1) \uCC38\uC870.",
L1270: "",
...
L1489: function loadCoreRuleset() {
L1490: const brainRoot = process.env.YOHAN_BRAIN_ROOT;
L1491: if (brainRoot) {
...
L1500: return {
L1501: data: CORE_RULESET_SNAPSHOT,
L1502: source: "bundled",
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L883883async function gate() {
L884: if (!ensureInteractive("\uC544\uC774\uB514\uC5B4 \uAC80\uC99D\uC740 \uB300\uD654\uD615 \uC9C8\uBB38\uC774 \uD544\uC694\uD569\uB2C8\uB2E4. \uD130\uBBF8\uB110(PowerShell \uB4F1)\uC5D...
L885: console.log(chalk.bold(`
...
L1268: // VHK-006: 생성 프로젝트엔 docs/spec.md 가 없음 → vhk 저장소의 규격 문서를 외부 링크로 참조.
L1269: "\uC804\uCCB4 \uADDC\uACA9\uC740 [vhk \uADDC\uACA9 \uBB38\uC11C](https://github.com/byh3071-cpu/vhk/blob/main/docs/spec.md) (spec_version 1.1) \uCC38\uC870.",
L1270: "",
...
L1489: function loadCoreRuleset() {
L1490: const brainRoot = process.env.YOHAN_BRAIN_ROOT;
L1491: if (brainRoot) {
...
L1500: return {
L1501: data: CORE_RULESET_SNAPSHOT,
L1502: source: "bundled",
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
dist/index.jsView on unpkg · L883Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/index.js
MediumEnvironment Vars
MediumInstall Persistencedist/index.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings