Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/service.jsView file
1/**
L2: * [INPUT]: 依赖 node:fs/promises、node:child_process、node:path、node:os
L3: * [OUTPUT]: 对外提供 installService、uninstallService、stopService、restartService、serviceStatus
High
196await new Promise((r) => setTimeout(r, 500));
L197: const result = spawnSync("launchctl", ["load", path], {
L198: encoding: "utf8",
...
L210: console.log(` Stop : launchctl unload ${path}`);
L211: console.log(` Remove : npx -y @kkcode-app/opencode --uninstall`);
L212: }
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/service.jsView on unpkg · L196Findings
3 High3 Medium4 Low
HighChild Processdist/service.js
HighShell
HighRuntime Package Installdist/service.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings