Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcesrc/utility/mlx_token.jsView file
8* Always reads fresh from DB (no in-memory cache) to support multiple processes.
L9: * @returns {Promise<{id: string, email: string, password: string, workspace_id: string, data: object}>}
L10: */
...
L36: const [, payloadB64] = token.split(".");
L37: const payload = JSON.parse(Buffer.from(payloadB64, "base64").toString());
L38: return payload.exp * 1000 < Date.now() + 5 * 60 * 1000;
...
L50:
L51: const res = await fetch("https://api.multilogin.com/user/signin", {
L52: method: "POST",
Low
Weak Crypto
Package source references weak cryptographic algorithms.
src/utility/mlx_token.jsView on unpkg · L8src/utility/puppeteer/findBrowserPath.jsView file
7L8: import { execSync } from "child_process";
L9: import fs from "fs";
...
L28: win32: [
L29: path.join(process.env.PROGRAMFILES || "C:\\Program Files", "Google", "Chrome", "Application", "chrome.exe"),
L30: path.join(process.env["PROGRAMFILES(X86)"] || "C:\\Program Files (x86)", "Google", "Chrome", "Application", "chrome.exe"),
...
L96: chrome: {
L97: linux: "sudo apt install google-chrome-stable OR download from https://www.google.com/chrome/",
L98: darwin: "Download from https://www.google.com/chrome/",
...
L126: function resolveFromPath(command) {
L127: const isWindows = process.platform === "win32";
L128: try {
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
src/utility/puppeteer/findBrowserPath.jsView on unpkg · L7Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitysrc/utility/puppeteer/findBrowserPath.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptosrc/utility/mlx_token.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings