Static Scan Results
scanned 7h ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 9 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcelib/install-core.jsView file
3const path = require("path");
L4: const { execFileSync } = require("child_process");
L5:
L6: const DEFAULT_GATEWAY_URL = "https://llm-proxy.lnf.gr/v1";
L7: const DEFAULT_LOCAL_LLM_URL = "http://localhost:8080/v1";
...
L94: function installerPaths(options = {}) {
L95: const home = path.resolve(options.home || process.env.HOME || os.homedir());
L96: const installRoot = path.resolve(options.installRoot || path.join(home, ".token-optimizer"));
...
L269: }
L270: applyLaunchctlValues(values, options);
L271: }
...
L428: function readJsonFile(filePath) {
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
lib/install-core.jsView on unpkg · L3assets/plugin/cursor/server/start.shView file
•path = [redacted].sh
kind = build_helper
sizeBytes = 391
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
assets/plugin/cursor/server/start.shView on unpkgFindings
5 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencelib/install-core.js
MediumShips Build Helperassets/plugin/cursor/server/start.sh
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License