Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
4340// src/process/PortDetector.ts
L4341: import { execSync } from "child_process";
L4342: var PortDetector = class {
High
14Cross-file remote execution chain: dist/index.js spawns dist/cdp-engine-TGY7DD37.js; helper contains network access plus dynamic code execution.
L14: import { CallToolRequestSchema, ListToolsRequestSchema } from "@modelcontextprotocol/sdk/types.js";
L15: import { createServer } from "http";
L16: import { ZodError } from "zod";
...
L754: return {
L755: base64: buffer.toString("base64"),
L756: width: clip?.width ?? viewport.width,
...
L1154: category: "dom",
L1155: description: "`<use_case>DOM inspection</use_case> \u{1F3F7}\uFE0F Get comprehensive page metadata: title, description, Open Graph tags (og:*), Twitter cards (twitter:*), canonical...
L1156: inputSchema: z3.object({
...
L1925: code: "STORAGE_ACCESS_DENIED",
L1926: suggestions: ["localStorage may be restricted in private browsing or cross-origin contexts"]
L1927: });
High
Cross File Remote Execution Context
Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L14Findings
3 High2 Medium4 Low
HighChild Processdist/index.js
HighShell
HighCross File Remote Execution Contextdist/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings