Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetwork
HighEntropyStringsTelemetryUrlStrings
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
22970package = @paragraph-com/mcp; repositoryIdentity = paragraph-mcp; dependency = @whetstone-research/doppler-sdk
L22970: import("viem/chains"),
L22971: import("@whetstone-research/doppler-sdk")
L22972: ]);
High
Copied Package Dependency Bridge
Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/index.jsView on unpkg · L229702943sourceCode = this.opts.code.process(sourceCode, sch);
L2944: const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode);
L2945: const validate = makeValidate(this, this.scope.get());
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L2943Findings
1 High3 Medium7 Low
HighCopied Package Dependency Bridgedist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/index.js
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings