Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
5 flagged · loading sourcePackage source references dynamic require/import behavior.
bin/create-shell-app.mjsView on unpkg · L9Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/bin/create-shell-app.mjsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
dist/bundled-templates/templates/photo-sorter/skills/photo-face-sorter/scripts/query_photos.pyView on unpkgPackage ships high-entropy non-source blobs.
dist/bundled-templates/templates/_base/build/icons/icon.icnsView on unpkgHardcoded password in dist/docs/wujie-ai-business.md
dist/docs/wujie-ai-business.mdView on unpkg · L174