Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemShell
HighEntropyStrings
Source & flagged code
1 flagged · loading sourcedist/providers/adapters.jsView file
33if (url.protocol !== "https:" && !isLoopback) {
L34: throw new Error(`chorus refuses non-https model endpoint ${url.protocol}//${host}; use https:// or localhost for local debugging`);
L35: }
...
L103: signal,
L104: body: JSON.stringify({
L105: model: resolved.ref.modelId,
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/providers/adapters.jsView on unpkg · L33Findings
1 High2 Medium4 Low
HighCloud Metadata Accessdist/providers/adapters.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings