Static Scan Results
scanned 8d ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/chunk-OFWLPRBY.jsView file
14import consola from "consola";
L15: var require2 = createRequire(import.meta.url);
L16: var CONFIG_MARKER = "GUAPOCADO_CONFIG_JSON:";
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/chunk-OFWLPRBY.jsView on unpkg · L14dist/login-CRWDZ5VM.jsView file
13// src/commands/login.ts
L14: import { spawn } from "child_process";
L15: import { defineCommand } from "citty";
...
L17: function openBrowser(url) {
L18: const command = process.platform === "darwin" ? "open" : process.platform === "win32" ? "cmd" : "xdg-open";
L19: const args = process.platform === "win32" ? ["/c", "start", "", url] : [url];
...
L41: async run({ args }) {
L42: const baseUrl = "https://api.guapocado.dev";
L43: if (args.key) {
...
L58: headers: { "content-type": "application/json" },
L59: body: JSON.stringify({ target: "both" })
L60: });
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/login-CRWDZ5VM.jsView on unpkg · L13Findings
1 High4 Medium4 Low
HighSandbox Evasion Gated Capabilitydist/login-CRWDZ5VM.js
MediumDynamic Requiredist/chunk-OFWLPRBY.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings