Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
4 flagged · loading sourcedist/auth/token.jsView file
3patternName = google_api_key
severity = high
line = 3
matchedText = const FI...gI";
High
3patternName = google_api_key
severity = high
line = 3
matchedText = const FI...gI";
High
dist/update-check.jsView file
7import { findOutdatedSkillInstalls, formatSkillStalenessBanner, } from "./sk[redacted]";
L8: const require = createRequire(import.meta.url);
L9: const pkg = require("../package.json");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/update-check.jsView on unpkg · L7bin/graphit.cmdView file
•path = bin/graphit.cmd
kind = build_helper
sizeBytes = 431
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
bin/graphit.cmdView on unpkgFindings
2 High5 Medium5 Low
HighHigh Secretdist/auth/token.js
HighSecret Patterndist/auth/token.js
MediumDynamic Requiredist/update-check.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperbin/graphit.cmd
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License