Static Scan Results
scanned 1h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/commands/auth.jsView file
4import * as readline from "readline";
L5: import { exec } from "child_process";
L6: import { saveAuthToFile, loadAuthFromFile, getStateChangeApiKey, getAuthFilePath, } from "../auth.js";
L7: import { listXanoTokens, checkTokenHealth, resolveInstance } from "../registry-client.js";
L8: const SCKEYS_URL = "https://api.statechange.ai/api:sckeys";
L9: function openUrl(url) {
L10: const cmd = process.platform === "darwin"
L11: ? `open "${url}"`
...
L23: input: process.stdin,
L24: output: process.stdout,
L25: });
...
L38: if (!codeResponse.ok) {
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/commands/auth.jsView on unpkg · L4Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/commands/auth.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings