Static Scan Results
scanned 4d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 9 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcebin/kitcode.mjsView file
3import fs from 'node:fs';
L4: import {spawn} from 'node:child_process';
L5: import {createRequire} from 'node:module';
High
232function terminalUrl(options) {
L233: return `http://${options.host}:${options.port}/terminal`;
L234: }
...
L241: const entryPath = path.resolve(fileURLToPath(new URL('../src/mini-electron.mjs', import.meta.url)));
L242: const child = spawn(electronPath, [entryPath], {
L243: detached: true,
L244: env: {
L245: ...process.env,
L246: KITCODE_MINI_URL: url,
High
Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/kitcode.mjsView on unpkg · L232src/hook-prompt.mjsView file
55? {
L56: bin: 'powershell.exe',
L57: args: ['-NoProfile', '-Command', `[void][System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); [System.Windows.Forms.MessageBox]::Show(${JSON.stringify(message)...
High
Findings
3 High2 Medium4 Low
HighChild Processbin/kitcode.mjs
HighShellsrc/hook-prompt.mjs
HighSame File Env Network Executionbin/kitcode.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings