Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/index.mjsView file
35function getPortalUrl(optionUrl, configUrl) {
L36: const raw = optionUrl?.trim() || configUrl?.trim() || process.env.WHATALO_DEVELOPER_PORTAL_URL?.trim() || "https://developers.whatalo.com";
L37: return raw.endsWith("/") ? raw.slice(0, -1) : raw;
...
L42: try {
L43: const config = await readConfig(process.cwd());
L44: configPortalUrl = config.dev.portal_url;
...
L131: headers: { "Content-Type": "application/json" },
L132: body: JSON.stringify({ refreshToken: session.refreshToken }),
L133: signal: AbortSignal.timeout(5e3)
...
L192: }
L193: const profile = await res.json();
L194: const expiresAt = new Date(session.expiresAt);
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.mjsView on unpkg · L35Findings
1 High3 Medium4 Low
HighSandbox Evasion Gated Capabilitydist/index.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings