Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
EnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/config.jsView file
7const envPaths = [
L8: process.env.MTEAM_ENV_PATH,
L9: resolve(process.cwd(), ".env"),
L10: resolve(moduleDir, "..", ".env"),
...
L35: const mteamApiBaseUrl = process.env.MTEAM_API_BASE_URL?.trim().replace(/\/+$/, "") ||
L36: "https://api.m-team.cc";
L37: return {
...
L50: }
L51: export function getDefaultPushStatePath(env = process.env, platform = process.platform) {
L52: const fileName = ".mteam-push-state.json";
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/config.jsView on unpkg · L7Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/config.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings