Static Scan Results
scanned 23h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcedist/cli.jsView file
1#!/usr/bin/env node
L2: import { spawn } from "node:child_process";
L3: import { realpathSync } from "node:fs";
...
L39: export async function runCli(argv = process.argv.slice(2), dependencies = {}) {
L40: const stdout = dependencies.stdout ?? ((line) => process.stdout.write(`${line}\n`));
L41: const stderr = dependencies.stderr ?? ((line) => process.stderr.write(`${line}\n`));
...
L47: }
L48: const env = dependencies.env ?? process.env;
L49: const store = dependencies.stateStore ?? createFileCliAuthStateStore({ env });
...
L283: const origin = new URL(apiBaseUrl).origin;
L284: if (origin === "https://autopilot.dev.hyper-star.org") {
L285: return "https://app.dev.hyper-star.org";
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cli.jsView on unpkg · L1Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/cli.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License