Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcelib/commands.jsView file
33// POST /api/auth/otp/start { to, channel } — devCode present in mock mode.
L34: start = await api.call("POST", "/api/auth/otp/start", { flags, body: { to: email, channel: "email" } });
L35: } finally {
...
L179: const data = await api.call("GET", "/api/wallets", { flags });
L180: // Non-custodial: there is no private key to export — the Safe is on-chain.
L181: console.log(JSON.stringify({ safeAddress: data.safeAddress, modules: data.modules, balances: data.balances }, null, 2));
...
L747: try {
L748: body = JSON.parse(flags.data);
L749: } catch {
...
L755: console.log(typeof res.body === "string" ? res.body : JSON.stringify(res.body, null, 2));
L756: if (res.status >= 400) process.exitCode = 1;
L757: }
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
lib/commands.jsView on unpkg · L33Findings
1 High2 Medium3 Low
HighSandbox Evasion Gated Capabilitylib/commands.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings