Static Scan Results
scanned 10d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 12 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
HighEntropyStringsObfuscatedUrlStrings
NoLicense
Source & flagged code
3 flagged · loading sourceadapters/mobile/bridge-runtime/cdp-bridge.cjsView file
143L144: async eval(client, args) {
L145: const expression = args.join(' ');
Low
Eval
Package source references a known benign dynamic code generation pattern.
adapters/mobile/bridge-runtime/cdp-bridge.cjsView on unpkg · L143library/actions/core/perps/_controller.mjsView file
309const [{ PerpsController }, { Messenger, MOCK_ANY_NAMESPACE }] = await Promise.all([
L310: import(controllerEntry(projectRoot)),
L311: import(messengerEntry(projectRoot)),
Medium
Dynamic Require
Package source references dynamic require/import behavior.
library/actions/core/perps/_controller.mjsView on unpkg · L309adapters/core/inject.shView file
•path = adapters/core/inject.sh
kind = build_helper
sizeBytes = 7205
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
adapters/core/inject.shView on unpkgFindings
5 Medium7 Low
MediumDynamic Requirelibrary/actions/core/perps/_controller.mjs
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperadapters/core/inject.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaladapters/mobile/bridge-runtime/cdp-bridge.cjs
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License