Static Scan Results
scanned 4h ago · by rust-scanner
Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
DynamicRequire · EnvironmentVars · Filesystem · HighEntropyStrings · Minified · Obfuscated · UrlStrings · NoLicense
Source & flagged code
3 flagged
dist/metadataengine/MetadataEngine.js
const _0x27c367=_0x4062;(function(_0x1e50d2,_0x5b19a2){const _0x47374d=_0x4062,_0x37aece=_0x1e50d2();while(!![]){try{const _0x44a269=parseInt(_0x47374d(0x46d,'&lF['))/(0xd97+0x1bfe...
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/metadataengine/MetadataEngine.js · L1
cli.js
Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: environment+network, sensitive-file+network
L6: const __filename = fileURLToPath(import.meta.url);
L7: const __dirname = path.dirname(__filename);
L8:
...
L11: function readVersion() {
L12: const versionFromEnv = process.env.npm[redacted]?.trim();
L13: if (versionFromEnv) return versionFromEnv;
L14: try {
L15: const pkgPath = path.join(__dirname, "package.json");
L16: const raw = fs.readFileSync(pkgPath, "utf8");
L17: const pkg = JSON.parse(raw);
L18: if (typeof pkg?.version === "string" && pkg.version.trim()) {
...
L137: --reconcile-sync MCP_RECONCILE_SYNC block startup until sync done;
High
Entrypoint Build Divergence
Manifest entrypoint contains risky behavior absent from dist/build output.
cli.js · L6
dist/tools/dev/index.js
(function(_0x4589cb,_0x46de65){const _0x445d1d=_0x45a8,_0x9427bf=_0x4589cb();while(!![]){try{const _0x1f390f=-parseInt(_0x445d1d(0x1af,'#RGi'))/(0xf*-0x133+-0x927+0x1b25)+parseInt(...
High
Obfuscated Payload Loader
Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/tools/dev/index.js · L1
Findings
3 High · 3 Medium · 5 Low
High · Entrypoint Build Divergence · cli.js
High · Obfuscated Payload Loader · dist/tools/dev/index.js
High · Obfuscated
Medium · Dynamic Require · dist/metadataengine/MetadataEngine.js
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · No License