Static Scan Results
scanned 5d ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcesrc/cli/init.tsView file
15L16: import { spawn } from "node:child_process";
L17: import { existsSync, mkdirSync, rmSync, writeFileSync } from "node:fs";
High
107cwd,
L108: shell: true,
L109: stdio: "ignore",
High
src/cli/skill.tsView file
42): void {
L43: execFileSync("npx", ["skills", "add", packageRoot(), "--copy", ...args], {
L44: cwd: projectDir,
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/cli/skill.tsView on unpkg · L42Findings
3 High2 Medium4 Low
HighChild Processsrc/cli/init.ts
HighShellsrc/cli/init.ts
HighRuntime Package Installsrc/cli/skill.ts
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings