Static Scan Results
scanned 2d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
UrlStrings
Source & flagged code
2 flagged · loading sourcedist/openrouter.jsView file
17export async function openRouterChat(messages, options) {
L18: const apiKey = process.env[options.apiKeyEnv];
L19: if (!apiKey) {
...
L24: try {
L25: const response = await fetch("https://openrouter.ai/api/v1/chat/completions", {
L26: method: "POST",
...
L33: },
L34: body: JSON.stringify({
L35: model: options.model,
...
L44: if (!response.ok) {
L45: const text = await response.text().catch(() => "");
L46: throw new OpenRouterHttpError(`OpenRouter request failed (${response.status}): ${text.slice(0, 500)}`, response.status);
High
Credential Exfiltration
Source combines credential-like environment material and outbound requests; review data flow before blocking.
dist/openrouter.jsView on unpkg · L17training/sft-local/src/train.pyView file
•path = training/sft-local/src/train.py
kind = build_helper
sizeBytes = 14738
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
training/sft-local/src/train.pyView on unpkgFindings
1 High3 Medium3 Low
HighCredential Exfiltrationdist/openrouter.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helpertraining/sft-local/src/train.py
LowScripts Present
LowFilesystem
LowUrl Strings