Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
FilesystemNetwork
HighEntropyStringsMinifiedObfuscatedUrlStrings
Source & flagged code
3 flagged · loading sourcedist/index.jsView file
1package = @rlrml/player; repositoryIdentity = subtr-actor; dependency = @rlrml/subtr-actor
L1: import * as De from "@rlrml/subtr-actor";
L2: import * as h from "three";
High
Copied Package Dependency Bridge
Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/index.jsView on unpkg · L1dist/draco/draco_decoder.wasmView file
•path = dist/draco/draco_decoder.wasm
kind = wasm_module
sizeBytes = 285747
magicHex = [redacted]
Medium
dist/models/cars/merc/merc.glbView file
•path = dist/models/cars/merc/merc.glb
kind = high_entropy_blob
sizeBytes = 5652040
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
dist/models/cars/merc/merc.glbView on unpkgFindings
2 High3 Medium4 Low
HighCopied Package Dependency Bridgedist/index.js
HighShips High Entropy Blobdist/models/cars/merc/merc.glb
MediumNetwork
MediumShips Wasm Moduledist/draco/draco_decoder.wasm
MediumStructural Risk Force Deep Review
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings