Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
HighEntropyStrings
Source & flagged code
5 flagged · loading sourceaa.jsonView file
64patternName = google_api_key
severity = high
line = 64
matchedText = "apiKey"...AA",
High
64patternName = google_api_key
severity = high
line = 64
matchedText = "apiKey"...AA",
High
4180patternName = google_api_key
severity = high
line = 4180
matchedText = "apiKey"...AA",
High
index_ms.mjsView file
8L9: const { MessageBroker } = await import(path.join(process.env.XUDA_HOME, 'common', 'ms_broker.mjs'));
L10:
Medium
Dynamic Require
Package source references dynamic require/import behavior.
index_ms.mjsView on unpkg · L8index.mjsView file
3import UglifyJS from 'uglify-js';
L4: import https from 'https';
L5: import JSON5 from 'json5';
...
L11:
L12: global._conf = (await import(path.join(process.env.XUDA_HOME, "common", "load_conf.mjs"))).loadConf();
L13:
...
L167:
L168: var { code: app_code, data: app_obj } = await get_app_data({
L169: org_app_id: req.app_id,
...
L734: code: -1,
L735: data: 'free plan user cannot change create instance visibility to private',
L736: };
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
index.mjsView on unpkg · L3Findings
3 High4 Medium3 Low
HighHigh Secretaa.json
HighSecret Patternaa.json
HighSecret Patternaa.json
MediumDynamic Requireindex_ms.mjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistenceindex.mjs
LowScripts Present
LowFilesystem
LowHigh Entropy Strings