Static Scan Results
scanned 2d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 9 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
1 flagged · loading sourcedist/install-daemon.jsView file
8// RunAtLoad=true, and DEPLOYIK_* in EnvironmentVariables.
L9: // 2. Bootstrap it via `launchctl bootout` (clear any old version) +
L10: // `launchctl bootstrap gui/$UID <plist>`.
...
L12: // ({ command: "npx", args: [...], env: {...} }) with
L13: // ({ type: "http", url: "http://127.0.0.1:8788/mcp" }).
L14: // 4. Uninstall reverses all three.
...
L18: // would need root to read it.
L19: import { execFileSync } from "node:child_process";
L20: import { chmodSync, copyFileSync, cpSync, existsSync, mkdirSync, readFileSync, rmSync, unlinkSync, writeFileSync, } from "node:fs";
...
L28: function runtimeDir() {
L29: return join(homedir(), ".deployik-mcp", "runtime");
L30: }
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
dist/install-daemon.jsView on unpkg · L8Findings
4 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/install-daemon.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings