Static Scan Results
scanned 5d ago · by rust-scannerStatic analysis flagged 19 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
11 flagged · loading sourcePackage contains a critical-looking secret pattern.
agent/agent/redact.pyView on unpkg · L135Package source references a known benign dynamic code generation pattern.
agent/apps/desktop/scripts/measure-synthetic-stream.mjsView on unpkg · L64Package source references dynamic require/import behavior.
agent/ui-tui/packages/hermes-ink/src/utils/semver.tsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
agent/ui-tui/src/gatewayClient.tsView on unpkg · L334Package ships non-JavaScript build or shell helper files.
agent/batch_runner.pyView on unpkgPackage ships high-entropy non-source blobs.
agent/web/public/favicon.icoView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
agent/plugins/hermes-achievements/tests/test_achievement_engine.pyView on unpkgHardcoded password in agent/tools/terminal_tool.py
agent/tools/terminal_tool.pyView on unpkg · L793