Static Scan Results
scanned 15d ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcebin/acptoapi.jsView file
45(async () => {
L46: const { execSync } = require('child_process');
L47: const opts = { stdio: 'inherit', windowsHide: true };
High
45(async () => {
L46: const { execSync } = require('child_process');
L47: const opts = { stdio: 'inherit', windowsHide: true };
...
L55: console.log(`[acptoapi] latest on npm: ${latest}`);
L56: console.log('[acptoapi] next invocation of `bunx acptoapi@latest` or `npx -y acptoapi@latest` will fetch fresh.');
L57: process.exit(0);
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
bin/acptoapi.jsView on unpkg · L45test.jsView file
9L10: const assert = require('assert');
L11: const http = require('http');
Medium
install-acp-agents.ps1View file
•path = install-acp-agents.ps1
kind = build_helper
sizeBytes = 2879
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
install-acp-agents.ps1View on unpkgFindings
3 High5 Medium3 Low
HighChild Processbin/acptoapi.js
HighShell
HighRuntime Package Installbin/acptoapi.js
MediumDynamic Requiretest.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperinstall-acp-agents.ps1
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings