Static Scan Results
scanned 12d ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/index.jsView file
58if (!KEY || !distinctId) return Promise.resolve();
L59: const request2 = fetch(`${HOST}/capture/`, {
L60: method: "POST",
L61: headers: { "Content-Type": "application/json" },
L62: body: JSON.stringify({
L63: api_key: KEY,
...
L129: if ((0, import_node_fs.existsSync)(CONFIG_PATH)) {
L130: return JSON.parse((0, import_node_fs.readFileSync)(CONFIG_PATH, "utf8"));
L131: }
...
L238: function loadApiKey() {
L239: const envKey = process.env["DRIFTLESS_API_KEY"];
L240: if (envKey) return envKey;
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L58Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings