Static Scan Results
scanned 5d ago · by rust-scannerStatic analysis flagged 5 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
EnvironmentVars
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/agent-candidate-schema-common.jsView file
6const githubComponentPattern = /^[A-Za-z0-9][A-Za-z0-9_.-]{0,99}$/;
L7: const secretNamePattern = /(?:^|[_-])(?:api[_-]?key|access[_-]?key|private[_-]?key|token|secret|password|credentials?|authorization|cookie|database[_-]?url|dsn|pat)(?:[_-]|$)/i;
L8: const obviousSecretValuePattern = /(?:\b(?:sk|gh[pousr]|github_pat|AKIA)[-_A-Za-z0-9]{12,}\b|-----BEGIN [A-Z ]*PRIVATE KEY-----|\bBearer\s+\S+)/;
...
L16: "cmd",
L17: "cmd.exe",
L18: "powershell",
...
L33: for (let index = 0; index < value.length; index++) {
L34: const code = value.charCodeAt(index);
L35: if (code >= 0xd800 && code <= 0xdbff) {
...
L84: try {
L85: const parsed = new URL(`http://${literal.includes(":") ? `[${literal}]` : literal}/`);
L86: hostname = parsed.hostname.replace(/^\[|\]$/g, "");
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/agent-candidate-schema-common.jsView on unpkg · L6Findings
1 High1 Medium3 Low
HighCloud Metadata Accessdist/agent-candidate-schema-common.js
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings