Static Scan Results
scanned 1d ago · by rust-scannerStatic analysis flagged 4 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVars
UrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcebin/hc.jsView file
12L13: const { spawnSync } = require('child_process');
L14: const path = require('path');
...
L26:
L27: const key = `${process.platform}-${process.arch}`;
L28: const entry = PLATFORM_MAP[key];
...
L30: if (!entry) {
L31: process.stderr.write(
L32: `hc: unsupported platform: ${process.platform}/${process.arch}\n` +
...
L37: `Install via curl instead:\n` +
L38: ` curl -fsSL https://storage.googleapis.com/hub-ally-code-dev-cli-releases/install.sh | bash\n`
L39: );
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/hc.jsView on unpkg · L12Findings
1 High1 Medium2 Low
HighSandbox Evasion Gated Capabilitybin/hc.js
MediumEnvironment Vars
LowUrl Strings
LowNo License