Static Scan Results
scanned 4d ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/core/claude-cli-runner.jsView file
1import { spawn as nodeSpawn } from 'node:child_process';
L2: import { fileURLToPath } from 'node:url';
High
Child Process
Package source references child process execution.
dist/core/claude-cli-runner.jsView on unpkg · L1dist/core/backend-detect.jsView file
38available: false,
L39: hint: 'install Claude Code (npm i -g @anthropic-ai/claude-code) and log in',
L40: };
...
L44: try {
L45: const { stdout } = await exec('gh', ['auth', 'token'], { timeout: 10_000 });
L46: return { name: 'gh', available: stdout.trim().length > 0, version: 'authenticated' };
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/core/backend-detect.jsView on unpkg · L38Findings
3 High3 Medium5 Low
HighChild Processdist/core/claude-cli-runner.js
HighShell
HighRuntime Package Installdist/core/backend-detect.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings