Static Scan Results
scanned 3d ago · by rust-scannerStatic analysis flagged 20 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
12 flagged · loading sourceSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/bin/agt.jsView on unpkg · L89Source writes installer persistence such as shell profile or service configuration.
dist/bin/agt.jsView on unpkg · L89Package source references shell execution.
dist/manager-supervisor-RMC62QES.jsView on unpkg · L261Package source references a known benign dynamic code generation pattern.
dist/mcp/augmented-support.jsView on unpkg · L2941Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/mcp/teams-channel.jsView on unpkg · L1227A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/mcp/teams-channel.jsView on unpkg · L14163Source executes local commands and sends command output to an external endpoint.
dist/lib/manager-worker.jsView on unpkg · L132A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/lib/manager-worker.jsView on unpkg · L132Package ships non-JavaScript build or shell helper files.
dist/assets/impersonate-statusline.shView on unpkgPackage contains source files above the static scanner size ceiling.
dist/mcp/whatsapp-channel.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/mcp/whatsapp-channel.jsView on unpkg