Static Scan Results
scanned 4h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/chat-client.jsView file
6* - Host allowlist
L7: * - SSRF prevention (private / link-local / loopback / cloud metadata)
L8: * - Timeout via AbortController
...
L11: */
L12: import { lookup } from "node:dns/promises";
L13: import { URL } from "node:url";
...
L454: try {
L455: const text = await response.text();
L456: bodyPreview = text.slice(0, 200);
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/chat-client.jsView on unpkg · L6Findings
1 High3 Medium5 Low
HighCloud Metadata Accessdist/chat-client.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings