Static Scan Results
scanned 2d ago · by rust-scanner
Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · EnvironmentVars · Filesystem · Network · Shell · HighEntropyStrings · UrlStrings
Source & flagged code
3 flagged
dist/publish.js
L8: import { join } from 'node:path';
L9: import { execSync } from 'node:child_process';
L10: /** Bump patch version: 0.3.11 → 0.3.12 */
High
dist/upgrade.js
L1: /**
L2: * Skill upgrade — detects installed skills and re-applies from canonical source.
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/upgrade.js · L1
dist/setup.js
L26: type: 'command',
L27: command: `node -e "const fs=require('fs');const d=new Date().toISOString();try{require('child_process').execSync('npx agentdb add \\'${rvfPath}\\' \\'session-start: '+d+'\\'',{stdi...
L28: }],
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/setup.js · L26
Findings
3 High · 3 Medium · 5 Low
High · Child Process · dist/publish.js
High · Shell
High · Runtime Package Install · dist/setup.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Weak Crypto · dist/upgrade.js
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings