Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
EnvironmentVarsNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/platform.jsView file
33async create(data) {
L34: return this.http.post("/api/platform/entries", data);
L35: }
...
L520: function getEnv(key) {
L521: if (typeof process !== "undefined" && process.env) {
L522: return process.env[key];
...
L568: * // Browser (must provide baseUrl)
L569: * const url = invites.getInvitationUrl(token, 'https://app.example.com');
L570: * ```
...
L690: if (octets[0] === 10) {
L691: throw new MarvinValidationError("Webhook URL cannot target private IP range (10.x.x.x)");
L692: }
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/platform.jsView on unpkg · L33Findings
1 High3 Medium4 Low
HighCloud Metadata Accessdist/platform.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings