Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcelib/security/sandbox.jsView file
258try {
L259: const { isDockerAvailable } = require('./sandbox-docker.js');
L260: this._dockerAvailable = isDockerAvailable();
Medium
Dynamic Require
Package source references dynamic require/import behavior.
lib/security/sandbox.jsView on unpkg · L258179}
L180: if (lower.includes('eval(') || lower.includes('exec(')) {
L181: return '沙箱内禁止执行危险命令模式: eval/exec';
Low
Eval
Package source references a known benign dynamic code generation pattern.
lib/security/sandbox.jsView on unpkg · L179lib/security/network-policy.jsView file
33h.endsWith('.local') ||
L34: // IPv4 private ranges
L35: h.startsWith('10.') ||
...
L103: allowed: false,
L104: reason: `启用 allowedDomains 时,网络命令必须包含可校验的 URL(如 http://example.com)`,
L105: };
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
lib/security/network-policy.jsView on unpkg · L33Findings
1 High4 Medium5 Low
HighCloud Metadata Accesslib/security/network-policy.js
MediumDynamic Requirelib/security/sandbox.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvallib/security/sandbox.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings