Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 18 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/install/install.mjsView on unpkg · L7366Package source references shell execution.
dist/agent-src/scripts/update_roadmap_progress.tsView on unpkg · L309Package source references dynamic require/import behavior.
dist/agent-src/templates/scripts/work_engine/_lib/agent_settings.tsView on unpkg · L952Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
src/scripts/second_brain_retrieval.tsView on unpkg · L203Package source invokes a package manager install command at runtime.
dist/agent-src/scripts/archive_completed_roadmaps.tsView on unpkg · L375Package ships non-JavaScript build or shell helper files.
src/scripts/smoke/router.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/server/routes/wizard.jsView on unpkg