Static Scan Results
scanned 2d ago · by rust-scanner
Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · EnvironmentVars · Filesystem · Network · Shell
HighEntropyStrings · UrlStrings
WildcardDependency
Source & flagged code
2 flagged · dist/setup.js
L15: import { createInterface } from 'readline';
L16: import { execSync } from 'child_process';
L17: import { platform } from 'os';
High
L6: *
L7: * Usage: npx --yes --package @rvry/mcp@latest rvry-mcp setup
L8: * npx --yes --package @rvry/mcp@latest rvry-mcp setup --token <value>
...
L15: import { createInterface } from 'readline';
L16: import { execSync } from 'child_process';
L17: import { platform } from 'os';
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/setup.js · L6
Findings
3 High · 4 Medium · 4 Low
High · Child Process · dist/setup.js
High · Shell
High · Runtime Package Install · dist/setup.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Medium · Wildcard Dependency
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings