registry  /  @msawake/helioscode  /  0.1.0

@msawake/helioscode@0.1.0

Helios Code — AI-powered software engineering CLI

Static Scan Results

scanned 9d ago · by rust-scanner

Static analysis flagged 4 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVars
Supply chain
UrlStrings
Manifest
NoLicense
scanned 1 file(s), 3.00 KB of source, external domains: storage.googleapis.com

Source & flagged code

1 flagged · loading source
bin/hc.jsView file
12L13: const { spawnSync } = require('child_process'); L14: const path = require('path'); ... L26: L27: const key = `${process.platform}-${process.arch}`; L28: const entry = PLATFORM_MAP[key]; ... L30: if (!entry) { L31: process.stderr.write( L32: `hc: unsupported platform: ${process.platform}/${process.arch}\n` + ... L37: `Install via curl instead:\n` + L38: ` curl -fsSL https://storage.googleapis.com/hub-ally-code-dev-cli-releases/install.sh | bash\n` L39: );
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/hc.jsView on unpkg · L12

Findings

1 High1 Medium2 Low
HighSandbox Evasion Gated Capabilitybin/hc.js
MediumEnvironment Vars
LowUrl Strings
LowNo License