Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcepackages/core/src/repo-indexer.tsView file
1import { execSync } from 'node:child_process';
L2: import { readFileSync, writeFileSync, existsSync, mkdirSync, statSync, readdirSync } from 'node:fs';
High
Child Process
Package source references child process execution.
packages/core/src/repo-indexer.tsView on unpkg · L1packages/hooks/src/pre-prompt-fast.mjsView file
51// Spawn daemon detached so it survives hook exit
L52: const child = spawn('npx', ['tsx', daemonPath], {
L53: cwd: join(hookDir, '..', '..', '..'),
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
packages/hooks/src/pre-prompt-fast.mjsView on unpkg · L51setup.shView file
•path = setup.sh
kind = build_helper
sizeBytes = 4515
magicHex = [redacted]
Medium
Findings
3 High4 Medium4 Low
HighChild Processpackages/core/src/repo-indexer.ts
HighShell
HighRuntime Package Installpackages/hooks/src/pre-prompt-fast.mjs
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helpersetup.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings