registry  /  badgr-cli  /  1.0.42

badgr-cli@1.0.42

Badgr — run or serve GPU workloads from one command

Static Scan Results

scanned 9d ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 48 file(s), 430 KB of source, external domains: aibadgr.com, api.aibadgr.com, api.badgr.ai, api.gpu.ai, api.test, dep-prod-001.aibadgr.com, dep-run-001.aibadgr.com, dep-serve-001.aibadgr.com, dep-test-001.aibadgr.com, dep-tmpl-001.aibadgr.com, example.com, github.com

Source & flagged code

1 flagged · loading source
src/commands/billing.jsView file
1import { execSync } from 'child_process'; L2: import { requireApiKey } from '../config.js'; ... L19: function openBrowser(url) { L20: const platform = process.platform; L21: try { ... L46: console.log(chalk.dim(' Add balance: badgr billing add 10')); L47: console.log(chalk.dim(' Or visit: https://aibadgr.com/billing/top-up')); L48: }
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

src/commands/billing.jsView on unpkg · L1

Findings

1 High3 Medium4 Low
HighSandbox Evasion Gated Capabilitysrc/commands/billing.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings