Static Scan Results
scanned 7h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsEvalFilesystemShell
HighEntropyStringsUrlStrings
NoLicenseWildcardDependency
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
17ZodArray: () => ZodArray,
L18: ZodBase64: () => ZodBase64,
L19: ZodBase64URL: () => ZodBase64URL,
...
L1478: error: new (_Err ?? $ZodError)(result.issues.map((iss) => finalizeIssue(iss, ctx, config())))
L1479: } : { success: true, data: result.value };
L1480: };
...
L2562: try {
L2563: new URL(`http://[${payload.value}]`);
L2564: } catch {
...
L14917: // servers/drupal-config-[redacted].ts
L14918: import { exec, execFile } from "node:child_process";
L14919: import { existsSync, writeFileSync, unlinkSync } from "node:fs";
High
Obfuscated Payload Loader
Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/index.jsView on unpkg · L1714966try {
L14967: $result = eval(base64_decode('${base64Payload}'));
L14968: echo "\\n---MCP-BEGIN---\\n";
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L14966Findings
1 High3 Medium6 Low
HighObfuscated Payload Loaderdist/index.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowEvaldist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License