Static Scan Results
scanned 27m ago · by rust-scannerStatic analysis flagged 17 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
9 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
sinain-core/src/capture/voice-session.tsView on unpkg · L1Package source references dynamic require/import behavior.
setup-embedding.jsView on unpkg · L113Package source references weak cryptographic algorithms.
sinain-core/src/capture/window-ops.tsView on unpkg · L26A single source file combines environment access, network access, and code or shell execution; review context before blocking.
sinain-core/src/mcp-tunnel/controller.tsView on unpkg · L122Source appears to send environment or credential material to an external endpoint.
sinain-knowledge/adapters/openclaw/adapter.tsView on unpkg · L29Package ships non-JavaScript build or shell helper files.
sense_client/sender.pyView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
sense_client/tests/__init__.pyView on unpkg