Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcelib/service.jsView file
5const path = require("node:path");
L6: const { spawnSync } = require("node:child_process");
L7:
...
L12: function plistPath() {
L13: return path.join(os.homedir(), "Library", "LaunchAgents", "com.sevoniva.llm-coding-bridge.plist");
L14: }
...
L27: function installService(configPath, verb = "installed") {
L28: if (process.platform !== "darwin") throw new Error("install-service currently supports macOS launchd only.");
L29: const config = path.resolve(configPath);
...
L50: const domain = `gui/${process.getuid()}`;
L51: spawnSync("launchctl", ["bootout", domain, plistPath()], { stdio: "ignore" });
L52: const result = spawnSync("launchctl", ["bootstrap", domain, plistPath()], { encoding: "utf8" });
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
lib/service.jsView on unpkg · L5Findings
3 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencelib/service.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings