Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemShell
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
5 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgdocs.zipView file
•path = docs.zip
kind = high_entropy_blob
sizeBytes = 38716209
magicHex = [redacted]
High
•path = docs.zip
kind = compressed_blob
sizeBytes = 38716209
magicHex = [redacted]
Medium
•path = docs.zip
kind = nested_archive_needs_inspection
sizeBytes = 38716209
magicHex = [redacted]
Low
Nested Archive Needs Inspection
Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
docs.zipView on unpkgFindings
2 High4 Medium6 Low
HighInstall Time Lifecycle Scriptspackage.json
HighShips High Entropy Blobdocs.zip
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
MediumShips Compressed Blobdocs.zip
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNested Archive Needs Inspectiondocs.zip