Static Scan Results
scanned 3d ago · by rust-scanner
Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · EnvironmentVars · Filesystem · Network · Shell · UrlStrings · CopyleftLicense
Source & flagged code
2 flagged
dist/commands/login.js
L1: import { Command } from '@oclif/core';
L2: import { exec } from 'node:child_process';
L3: import { createServer } from 'node:http';
L4: import { authManager } from '../config/auth.manager.js';
...
L20: };
L21: const cmd = cmds[process.platform];
L22: if (cmd)
...
L33: res.writeHead(400, { 'Content-Type': 'text/plain' });
L34: res.end('Missing token');
L35: return;
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/commands/login.js · L1
bin/dev.cmd
path = bin/dev.cmd
kind = build_helper
sizeBytes = 86
magicHex = [redacted]
Medium
Findings
1 High · 4 Medium · 4 Low
High · Sandbox Evasion Gated Capability · dist/commands/login.js
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · bin/dev.cmd
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · Url Strings
Low · Copyleft License