Static Scan Results
scanned 2d ago · by rust-scanner
Static analysis flagged 9 findings at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess, EnvironmentVars, Filesystem, Network, HighEntropyStrings, UrlStrings
Source & flagged code
1 flagged · dist/bin/orino.js
L45: try {
L46: return JSON.parse(fs.readFileSync(p, "utf8"));
L47: } catch {
...
L58: function getPkgVersion(dir, pkgName) {
L59: const pkg = readJsonFile(path.join(dir, "package.json"));
L60: if (!pkg) return null;
...
L228: async function promptForUrl() {
L229: return new Promise((resolve6) => {
L230: const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
L231: rl.question(" What's the live URL? (press Enter to skip URL checks): ", (answer) => {
...
L686: hasDescription: hasComposableProp(script, "useSeoMeta", "description") || hasComposableProp(script, "useHead", "description"),
L687: hasAsyncData: /\b(useAsyncData|useFetch)\s*\(/.test(script),
High: Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/bin/orino.js · L45
Findings
1 High · 3 Medium · 5 Low
High: Sandbox Evasion Gated Capability (dist/bin/orino.js)
Medium: Network
Medium: Environment Vars
Medium: Structural Risk Force Deep Review
Low: Non Install Lifecycle Scripts
Low: Scripts Present
Low: Filesystem
Low: High Entropy Strings
Low: Url Strings