Static Scan Results
scanned 2d ago · by rust-scannerStatic analysis completed at 93.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourceevidence-validator-76ZQQYDU.jsView file
2915sourceCode = this.opts.code.process(sourceCode, sch);
L2916: const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode);
L2917: const validate = makeValidate(this, this.scope.get());
Low
Eval
Package source references a known benign dynamic code generation pattern.
evidence-validator-76ZQQYDU.jsView on unpkg · L2915bin/ai-workflow.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @williambeto/ai-workflow@2.6.7
matchedIdentity = npm:[redacted]:2.6.7
similarity = 0.889
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/ai-workflow.jsView on unpkgFindings
1 High2 Medium4 Low
HighPrevious Version Dangerous Deltabin/ai-workflow.js
MediumNetwork
MediumEnvironment Vars
LowEvalevidence-validator-76ZQQYDU.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings