Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemShell
Source & flagged code
3 flagged · loading sourcebin/agent-memory.jsView file
3L4: const { spawnSync } = require('node:child_process');
L5: const fs = require('node:fs');
High
Child Process
Package source references child process execution.
bin/agent-memory.jsView on unpkg · L384agent-memory install <harness> # interactive menu (TTY)
L85: agent-memory install skill # redirect to npx skills add
L86: agent-memory help
...
L96:
L97: /** Always shell:false — argv must not be re-parsed by cmd.exe. */
L98: function run(command, args, options = {}) {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
bin/agent-memory.jsView on unpkg · L84hooks/install-hooks.shView file
•path = hooks/install-hooks.sh
kind = build_helper
sizeBytes = 10942
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
hooks/install-hooks.shView on unpkgFindings
3 High3 Medium1 Low
HighChild Processbin/agent-memory.js
HighShell
HighRuntime Package Installbin/agent-memory.js
MediumEnvironment Vars
MediumShips Build Helperhooks/install-hooks.sh
MediumStructural Risk Force Deep Review
LowFilesystem