Static Scan Results
scanned 8h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Decision evidence
public snapshotBehavioral surface
CryptoEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcesrc/modes/ai.jsView file
299patternName = generic_password
severity = medium
line = 299
matchedText = { type: ...' },
Medium
619patternName = generic_password
severity = medium
line = 619
matchedText = { type: ...' },
Medium
src/modes/host.jsView file
15L16: import { execa } from 'execa';
L17: import chalk from 'chalk';
...
L34:
L35: const __dirname = path.dirname(fileURLToPath(import.meta.url));
L36: let BROKER_URL = process.env.BROKER_URL || 'https://ipingyou.onrender.com';
L37:
...
L72: try {
L73: const { stdout } = await execa('sudo', ['systemsetup', '-getremotelogin'], { reject: false });
L74: if (stdout.toLowerCase().includes('off')) {
...
L200: if (!homedir) {
L201: throw new Error('Could not resolve the current user home directory for authorized_keys');
Critical
Persistence Backdoor
Source writes persistence or remote-access backdoor material.
src/modes/host.jsView on unpkg · L1515Trigger-reachable chain: manifest.main -> src/cli.js -> src/modes/host.js
L15:
L16: import { execa } from 'execa';
L17: import chalk from 'chalk';
...
L34:
L35: const __dirname = path.dirname(fileURLToPath(import.meta.url));
L36: let BROKER_URL = process.env.BROKER_URL || 'https://ipingyou.onrender.com';
L37:
...
L72: try {
L73: const { stdout } = await execa('sudo', ['systemsetup', '-getremotelogin'], { reject: false });
L74: if (stdout.toLowerCase().includes('off')) {
...
L200: if (!homedir) {
L201: throw new Error('Could not resolve the current user home directory for authorized_keys');
Critical
Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
src/modes/host.jsView on unpkg · L15Findings
2 Critical5 Medium5 Low
CriticalPersistence Backdoorsrc/modes/host.js
CriticalTrigger Reachable Dangerous Capabilitysrc/modes/host.js
MediumSecret Patternsrc/modes/ai.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patternsrc/modes/ai.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings