Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcestatusline/claude/statusline.mjsView file
12L13: import { execFileSync, spawn } from "node:child_process";
L14: import fs from "node:fs";
High
Child Process
Package source references child process execution.
statusline/claude/statusline.mjsView on unpkg · L1212Cross-file remote execution chain: statusline/claude/statusline.mjs spawns lib/usage.mjs; helper contains network access plus dynamic code execution.
L12:
L13: import { execFileSync, spawn } from "node:child_process";
L14: import fs from "node:fs";
...
L18: const SCRIPT_DIR = dirname(fileURLToPath(import.meta.url));
L19: const AGENT_TOOLS_HOME = process.env.AGENT_TOOLS_HOME || join(SCRIPT_DIR, "..", "..");
L20: const DEFAULT_CONFIG_FILE = join(AGENT_TOOLS_HOME, "config.jsonc");
...
L56: for await (const chunk of process.stdin) chunks.push(chunk);
L57: return Buffer.concat(chunks).toString("utf8");
L58: }
...
L213: function renderField(field, data, config) {
L214: const dir = data?.workspace?.current_dir || data?.cwd || process.cwd() || "";
L215: const projectDir = data?.workspace?.project_dir || dir;
High
Cross File Remote Execution Context
Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
statusline/claude/statusline.mjsView on unpkg · L12lib/usage.mjsView file
12L13: const CODEX_HOME = process.env.CODEX_HOME || join(homedir(), ".codex");
L14: const AGENT_TOOLS_HOME = process.env.AGENT_TOOLS_HOME || join(homedir(), ".agent-tools");
...
L66: if (message) payload.systemMessage = message;
L67: process.stdout.write(`${JSON.stringify(payload)}\n`);
L68: }
...
L196: async function readJson(path) {
L197: return JSON.parse(await readFile(path, "utf8"));
L198: }
...
L314: return [
L315: "https://api.openai.com",
L316: "https://api.openai.com/v1",
Medium
Unsafe Vm Context
Package source executes code through a VM context API.
lib/usage.mjsView on unpkg · L12Findings
3 High3 Medium4 Low
HighChild Processstatusline/claude/statusline.mjs
HighShell
HighCross File Remote Execution Contextstatusline/claude/statusline.mjs
MediumUnsafe Vm Contextlib/usage.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings