Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 3 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
Network
Source & flagged code
1 flagged · loading sourcedist/operations/watermark.jsView file
5*
L6: * 修复 review 报告:原实现直接 `await fetch(params.image)`,攻击者可传任意 URL
L7: * 让服务端发起请求,可能扫描内网(127.0.0.1 / 169.254.169.254 云元数据 / 私有网段)。
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/operations/watermark.jsView on unpkg · L5Findings
1 High1 Medium1 Low
HighCloud Metadata Accessdist/operations/watermark.js
MediumNetwork
LowScripts Present