Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcebin/cli.jsView file
3import { parseArgs } from 'node:util';
L4: import { execSync, spawnSync } from 'node:child_process';
L5: import os from 'node:os';
High
212try {
L213: execSync(`npm install -g ${pkg.name}@latest`, { stdio: 'inherit' });
L214: // Re-exec the freshly installed binary to apply the new skills.
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
bin/cli.jsView on unpkg · L212Findings
3 High3 Medium5 Low
HighChild Processbin/cli.js
HighShell
HighRuntime Package Installbin/cli.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings