Static Scan Results
scanned 12d ago · by rust-scannerStatic analysis flagged 5 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystem
UrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcebin/byteask.jsView file
10L11: const { spawnSync } = require("child_process");
L12: const { existsSync, mkdirSync } = require("fs");
...
L15:
L16: const BUNDLE = (process.env.BYTEASK_BUNDLE_URL || "https://code.byteask.ai").replace(/\/+$/, "");
L17: const HOME = process.env.BYTEASK_HOME || path.join(os.homedir(), ".byteask");
L18: const VENDOR = path.join(HOME, "runtime");
L19: const isWin = process.platform === "win32";
L20: const wrapper = path.join(VENDOR, isWin ? "byteask.ps1" : "byteask");
...
L29: mkdirSync(VENDOR, { recursive: true });
L30: process.stderr.write("[byteask] first run: fetching the ByteAsk engine (one time)...\n");
L31: let r;
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/byteask.jsView on unpkg · L10Findings
1 High1 Medium3 Low
HighSandbox Evasion Gated Capabilitybin/byteask.js
MediumEnvironment Vars
LowFilesystem
LowUrl Strings
LowNo License