Static Scan Results
scanned 4h ago · by rust-scannerStatic analysis flagged 24 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
13 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage contains a possible secret pattern.
dist/cli/channels-command.jsView on unpkg · L811Hardcoded password in dist/cli/channels-command.js
dist/cli/channels-command.jsView on unpkg · L1094Package source references child process execution.
infra/managed-browser/server.jsView on unpkg · L1Package source references dynamic code evaluation.
dist/skills/skills-guard.jsView on unpkg · L772Package source references dynamic require/import behavior.
dist/plugins/plugin-manager.jsView on unpkg · L474Package source references weak cryptographic algorithms.
dist/evals/locomo-native.jsView on unpkg · L14A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/tunnel/cloudflare-tunnel-provider.jsView on unpkg · L18Source appears to send environment or credential material to an external endpoint.
dist/channels/discord-webhook/delivery.jsView on unpkg · L76Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
skills/alexa/alexa-auth.cjsView on unpkg · L3Package ships non-JavaScript build or shell helper files.
community-skills/meme-generation/scripts/generate_meme.pyView on unpkg