Static Scan Results
scanned 42m ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/chunk-35QJORM2.jsView file
110import { mkdir, readFile, writeFile } from "fs/promises";
L111: var SITE_BASE = (process.env.OLLIE_SITE || "https://olliechat-lac.vercel.app").replace(/\/+$/, "");
L112: var UPSTREAM_BASE = "https://sh00t.host/v1";
...
L149: }
L150: var CONFIG_DIR = join(homedir(), ".olliechat");
L151: var CONFIG_PATH = join(CONFIG_DIR, "config.json");
...
L154: const raw = await readFile(CONFIG_PATH, "utf8");
L155: return { ...DEFAULTS, ...JSON.parse(raw) };
L156: } catch {
...
L169: import { mkdir as mkdir2, readFile as readFile2, writeFile as writeFile2 } from "fs/promises";
L170: import { spawn } from "child_process";
L171: var DIR = join2(homedir2(), ".olliechat");
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/chunk-35QJORM2.jsView on unpkg · L110Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/chunk-35QJORM2.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings