Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcelib/exec.jsView file
1import { spawn, exec as nodeExec } from 'node:child_process'
L2: import { promisify } from 'node:util'
High
lib/start-dev.jsView file
196'-e',
L197: `bash -c "cd '${currentDir}' && echo '${title}' && ${command}; exec bash"`,
L198: ],
High
lib/cli/dx-cli.jsView file
101try {
L102: execSync('pnpm install --frozen-lockfile', {
L103: stdio: 'inherit',
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
lib/cli/dx-cli.jsView on unpkg · L101skills/backend-audit-fixer/scripts/error_handling_audit.pyView file
•path = skills/backend-audit-fixer/scripts/error_handling_audit.py
kind = build_helper
sizeBytes = 20278
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
skills/backend-audit-fixer/scripts/error_handling_audit.pyView on unpkgFindings
3 High4 Medium4 Low
HighChild Processlib/exec.js
HighShelllib/start-dev.js
HighRuntime Package Installlib/cli/dx-cli.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperskills/backend-audit-fixer/scripts/error_handling_audit.py
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings