Static Scan Results
scanned 14d ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/review.jsView file
3import path from "node:path";
L4: import { spawnSync } from "node:child_process";
L5: import { spawnBufferedChild, spawnStreamingChild } from "./child-process.js";
High
dist/skill.jsView file
10function hasSkillsCli() {
L11: const result = spawnSync("npx", ["skills", "--version"], {
L12: encoding: "utf8",
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/skill.jsView on unpkg · L10Findings
3 High2 Medium5 Low
HighChild Processdist/review.js
HighShell
HighRuntime Package Installdist/skill.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings