Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
CopyleftLicense
Source & flagged code
3 flagged · loading sourcecli/dai.mjsView file
18import { homedir, tmpdir } from "node:os";
L19: import { execFileSync } from "node:child_process";
L20: import { createInterface } from "node:readline/promises";
High
631process.stdout.write("\n");
L632: const openspecPresent = () => { try { execFileSync(npmBin("openspec"), ["--version"], { stdio: "ignore" }); return true; } catch { return false; } };
L633: const osTools = [want.claude && "claude", want.copilot && "github-copilot", want.cursor && "cursor"]
L634: .filter(Boolean).join(",") || "claude,github-copilot,cursor";
L635: const osHint = "para sumarlo después: npm i -g @fission-ai/openspec@latest && openspec init --tools " + osTools;
L636: if (hasOpenspec) {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
cli/dai.mjsView on unpkg · L631install.shView file
•path = install.sh
kind = build_helper
sizeBytes = 763
magicHex = [redacted]
Medium
Findings
3 High4 Medium6 Low
HighChild Processcli/dai.mjs
HighShell
HighRuntime Package Installcli/dai.mjs
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperinstall.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License