Static Scan Results
scanned 12d ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
5 flagged · loading sourcemain.jsView file
404patternName = google_api_key
severity = high
line = 404
matchedText = apiKey: ...Lk",
High
404patternName = google_api_key
severity = high
line = 404
matchedText = apiKey: ...Lk",
High
5112patternName = google_api_key
severity = high
line = 5112
matchedText = apiKey: ...l0",
High
hash-worker.jsView file
1// apps/desktop/cue-cli/src/hash-worker.js
L2: var { parentPort } = require("worker_threads");
L3: var { createReadStream } = require("fs");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
hash-worker.jsView on unpkg · L1assets/wasm/dir_scanner_wasm_bg.wasmView file
•path = assets/wasm/dir_scanner_wasm_bg.wasm
kind = wasm_module
sizeBytes = 380698
magicHex = [redacted]
Medium
Ships Wasm Module
Package ships WebAssembly modules.
assets/wasm/dir_scanner_wasm_bg.wasmView on unpkgFindings
3 High5 Medium4 Low
HighHigh Secretmain.js
HighSecret Patternmain.js
HighSecret Patternmain.js
MediumDynamic Requirehash-worker.js
MediumNetwork
MediumEnvironment Vars
MediumShips Wasm Moduleassets/wasm/dir_scanner_wasm_bg.wasm
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License