Static Scan Results
scanned 3d ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
UrlStrings
Source & flagged code
2 flagged · loading sourcedist/chunk-UTXUGXDB.jsView file
9import path from "path";
L10: import { spawn } from "child_process";
L11: function buildGraphData(idx) {
High
Child Process
Package source references child process execution.
dist/chunk-UTXUGXDB.jsView on unpkg · L9dist/cli.jsView file
125try {
L126: execFileSync("npx", ["--yes", "skills", "add", rec.skill, "--yes"], {
L127: stdio: "pipe",
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L125Findings
3 High2 Medium4 Low
HighChild Processdist/chunk-UTXUGXDB.js
HighShell
HighRuntime Package Installdist/cli.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings