Static Scan Results
scanned 48m ago · by rust-scannerStatic analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystem
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcecli.jsView file
1#!/usr/bin/env node
L2: const { execSync } = require("child_process")
L3: const { existsSync } = require("fs")
...
L6:
L7: const INSTALL_DIR = process.env.KAESRACODE_INSTALL_DIR || join(os.homedir(), ".kaesracode")
L8: const IS_WINDOWS = process.platform === "win32"
L9:
L10: function sh(cmd, opts = {}) {
L11: const shell = IS_WINDOWS ? "powershell.exe" : "/bin/bash"
L12: return execSync(cmd, { stdio: "inherit", shell, ...opts })
...
L29: } else {
L30: console.log("❌ bun not found. Install: curl -fsSL https://bun.sh/install | bash")
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
cli.jsView on unpkg · L1Findings
1 High2 Medium3 Low
HighSandbox Evasion Gated Capabilitycli.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings