Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 7 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
High-risk behavior combination matched malicious policy.
Decision evidence
public snapshotBehavioral surface
Network
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
135className: "absolute inset-0 pointer-events-none opacity-[0.03] z-0",
L136: style: { backgroundImage: `url("data:image/svg+xml,%3Csvg viewBox='0 0 200 200' xmlns='http://www.w3.org/2000/svg'%3E%3Cfilter id='noiseFilter'%3E%3CfeTurbulence type='fractalNoise...
L137: }
...
L483: if (res.success) {
L484: window.location.href = res.redirect || redirectUrl;
L485: } else {
...
L1346: try {
L1347: await navigator.clipboard.writeText(reference);
L1348: import_react_hot_toast5.default.success("Copied");
...
L2487: });
L2488: const data = await response.json();
L2489: if (response.ok && data.success) {
Critical
Clipboard Crypto Hijack
Source reads and rewrites clipboard contents matching cryptocurrency wallet addresses.
dist/index.jsView on unpkg · L135•Trigger-reachable chain: manifest.main -> dist/index.js
Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkgFindings
2 Critical2 Medium3 Low
CriticalClipboard Crypto Hijackdist/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings