Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcedist/main.jsView file
23259patternName = generic_password
severity = medium
line = 23259
matchedText = if (!fro...t) {
Medium
70const here = dirname(fileURLToPath(import.meta.url));
L71: return JSON.parse(readFileSync(join(here, "..", "..", "package.json"), "utf-8")).version ?? "0.0.0";
L72: } catch {
...
L387: function defaultTarget(host, port) {
L388: return { adminUrl: `http://${host}:${port}`, compatUrl: `http://${host}:${port - 1}` };
L389: }
...
L458: ensureLegacyMigration();
L459: const hostOverride = strFlag(args.flags["host"]) ?? process.env["AGW_HOST"];
L460: const portOverride = strFlag(args.flags["port"]) ?? process.env["AGW_PORT"];
...
L471: flagTarget: strFlag(args.flags["target"]),
L472: cwd: process.cwd(),
L473: defaultHost: host,
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
dist/main.jsView on unpkg · L70Findings
4 Medium5 Low
MediumSecret Patterndist/main.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/main.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License