Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/commands/project.jsView file
4import { homedir } from 'os';
L5: import { execSync } from 'child_process';
L6: import { setProject, getContext, _resetCache } from '../utils/context.js';
High
Child Process
Package source references child process execution.
dist/commands/project.jsView on unpkg · L4212const kbDir = join(homedir(), 'kb', 'product-research');
L213: const lintOutput = execSync(`npx kb-skills lint --dir "${kbDir}"`, {
L214: encoding: 'utf-8',
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/commands/project.jsView on unpkg · L212Findings
3 High3 Medium4 Low
HighChild Processdist/commands/project.js
HighShell
HighRuntime Package Installdist/commands/project.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings