Static Scan Results
scanned 3d ago · by rust-scanner
Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · EnvironmentVars · Filesystem · Network · Shell · HighEntropyStrings · UrlStrings
Source & flagged code
2 flagged
dist/middleware/otel-spans.js
Line 41
package = @stigmer/runner; repositoryIdentity = stigmer; dependency = @opentelemetry/api
L41: try {
L42: const api = await import("@opentelemetry/api");
L43: return api;
High
Copied Package Dependency Bridge
Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
dist/middleware/otel-spans.js · L41
src/activities/execute-deep-agent/__tests__/status-builder.test.ts
Line 733
patternName = generic_password
severity = medium
line = 733
matchedText = password...et",
Medium
Secret Pattern
Hardcoded password in src/activities/execute-deep-agent/__tests__/status-builder.test.ts
src/activities/execute-deep-agent/__tests__/status-builder.test.ts · L733
Findings
1 High · 4 Medium · 4 Low
High · Copied Package Dependency Bridge · dist/middleware/otel-spans.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Medium · Secret Pattern · src/activities/execute-deep-agent/__tests__/status-builder.test.ts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings