Static Scan Results
scanned 12d ago · by rust-scannerStatic analysis completed at 93.0% confidence. No malicious behavior was detected; 8 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcelib/capture.mjsView file
16if (!res.ok) return null
L17: const j = await res.json().catch(() => ({}))
L18: return Array.isArray(j.types) ? j.types : null
...
L30: try {
L31: if (resolve(String(cwd)) === homedir()) return 'general'
L32: } catch { /* unresolvable path — fall through to basename */ }
...
L87: // would recurse (and re-ingest the summarizer's prompt as a phantom session). Bail immediately.
L88: if (process.env.CORTEX_SUMMARIZING) { process.stderr.write('cortex: summarizer subprocess, skipping\n'); return }
L89:
Low
Weak Crypto
Package source references weak cryptographic algorithms.
lib/capture.mjsView on unpkg · L16lib/materialize.mjsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @theronap/cortex-mcp@0.9.33
matchedIdentity = npm:QHRoZXJvbmFwL2NvcnRleC1tY3A:0.9.33
similarity = 0.632
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/materialize.mjsView on unpkglib/redact.test.mjsView file
41patternName = private_key_rsa
severity = critical
line = 41
matchedText = const ou...--')
Critical
Findings
1 Critical1 High2 Medium4 Low
CriticalSecret Patternlib/redact.test.mjs
HighPrevious Version Dangerous Deltalib/materialize.mjs
MediumNetwork
MediumEnvironment Vars
LowWeak Cryptolib/capture.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings