registry  /  @comment-io/cli  /  0.1.33

@comment-io/cli@0.1.33

Comment.io CLI and local notification daemon

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 9 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 1.21 MB of source, external domains: cmnt.md, comment.io, example.com, github.com, json-schema.org, mathiasbynens.be, raw.githubusercontent.com, spec.openapis.org, stackoverflow.com, tools.ietf.org, www.safaribooksonline.com, www.w3.org

Source & flagged code

2 flagged · loading source
mcp/comment-mcp.mjsView file
2942sourceCode = this.opts.code.process(sourceCode, sch); L2943: const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode); L2944: const validate = makeValidate(this, this.scope.get());
Low
Eval

Package source references a known benign dynamic code generation pattern.

mcp/comment-mcp.mjsView on unpkg · L2942
dist/comment-linux-arm64View file
path = dist/comment-linux-arm64 kind = native_binary sizeBytes = 14221438 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

dist/comment-linux-arm64View on unpkg

Findings

4 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumShips Native Binarydist/comment-linux-arm64
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalmcp/comment-mcp.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings