Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 5 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemNetwork
UrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcebin/shade.jsView file
3L4: const { execFileSync } = require("node:child_process");
L5: const {
...
L12:
L13: const BASE_URL = "https://releases.shadegpu.com/v1/releases";
L14: const BIN_DIR = __dirname;
L15:
...
L25: }
L26: writeFileSync(dest, Buffer.from(await res.arrayBuffer()));
L27: chmodSync(dest, 0o755);
...
L31: const nativeBin = join(BIN_DIR, "shade-native");
L32: const key = `${process.platform}-${process.arch}`;
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/shade.jsView on unpkg · L3Findings
1 High1 Medium3 Low
HighSandbox Evasion Gated Capabilitybin/shade.js
MediumNetwork
LowFilesystem
LowUrl Strings
LowNo License