Static Scan Results
scanned 9d ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcesrc/commands/billing.jsView file
1import { execSync } from 'child_process';
L2: import { requireApiKey } from '../config.js';
...
L19: function openBrowser(url) {
L20: const platform = process.platform;
L21: try {
...
L46: console.log(chalk.dim(' Add balance: badgr billing add 10'));
L47: console.log(chalk.dim(' Or visit: https://aibadgr.com/billing/top-up'));
L48: }
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
src/commands/billing.jsView on unpkg · L1Findings
1 High3 Medium4 Low
HighSandbox Evasion Gated Capabilitysrc/commands/billing.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings