Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Decision evidence
public snapshotBehavioral surface
EnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcetests/skills.test.ts#virtual:normalized:round1View file
44afterEach(() => {
L45: globalThis.fetch = originalFetch
L46: vi.restoreAllMocks()
...
L49: it('listSkills returns name + description from the index', async () => {
L50: globalThis.fetch = mockFetch({
L51: 'https://raw.githubusercontent.com/Cold-IQ/coldiq-marketplace-skills/main/.well-known/agent-skills/index.json': {
L52: body: JSON.stringify(INDEX),
L53: },
Critical
Builtin Api Tampering Exfiltration
Source mutates builtin networking, serialization, module-loading, or filesystem APIs while forwarding data to an external endpoint.
tests/skills.test.ts#virtual:normalized:round1View on unpkg · L44Findings
1 Critical2 Medium6 Low
CriticalBuiltin Api Tampering Exfiltrationtests/skills.test.ts#virtual:normalized:round1
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License