Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/index.jsView file
12function expandTilde(p) {
L13: if (p === "~") return homedir();
L14: if (p.startsWith("~/") || p.startsWith("~\\")) {
...
L19: function rootDir() {
L20: const override = process.env.POSTMORTEM_HOME;
L21: if (override && override.length > 0) {
...
L123: function println(text = "") {
L124: process.stdout.write(`${text}
L125: `);
...
L255: {
L256: label: "private-key-block",
L257: pattern: /-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----[\s\S]*?-----END (?:[A-Z ]+ )?PRIVATE KEY-----/g,
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/index.jsView on unpkg · L12Findings
1 High3 Medium5 Low
HighCloud Metadata Accessdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings