Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
WildcardDependency
Source & flagged code
2 flagged · loading sourcedist/cli.jsView file
40droppedTurns: z.number().int().nonnegative(),
L41: sourceMetadata: z.record(z.string(), z.unknown())
L42: });
...
L61: try {
L62: const parsed = JSON.parse(fs.readFileSync(p, "utf8"));
L63: if (!parsed || !Array.isArray(parsed.records))
...
L71: var init_ledger = __esm(() => {
L72: LEDGER_DIR = process.env.CLAUDE_IMPORT_LEDGER_DIR || path.join(os.homedir(), ".claude-importer");
L73: });
...
L122: /<local-command-caveat>[\s\S]*?<\/local-command-caveat>/gi,
L123: /<local-command-stdout>[\s\S]*?<\/local-command-stdout>/gi,
L124: /<local-command-stderr>[\s\S]*?<\/local-command-stderr>/gi
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cli.jsView on unpkg · L4040droppedTurns: z.number().int().nonnegative(),
L41: sourceMetadata: z.record(z.string(), z.unknown())
L42: });
...
L61: try {
L62: const parsed = JSON.parse(fs.readFileSync(p, "utf8"));
L63: if (!parsed || !Array.isArray(parsed.records))
...
L71: var init_ledger = __esm(() => {
L72: LEDGER_DIR = process.env.CLAUDE_IMPORT_LEDGER_DIR || path.join(os.homedir(), ".claude-importer");
L73: });
...
L122: /<local-command-caveat>[\s\S]*?<\/local-command-caveat>/gi,
L123: /<local-command-stdout>[\s\S]*?<\/local-command-stdout>/gi,
L124: /<local-command-stderr>[\s\S]*?<\/local-command-stderr>/gi
Low
Findings
1 High4 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/cli.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowWeak Cryptodist/cli.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings