Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcesrc/tools.jsView file
2// LLM 은 생각만 하고, 실제 파일 조작/명령 실행은 전부 여기서 이뤄진다.
L3: import { execSync } from "node:child_process";
L4: import fs from "node:fs";
High
src/plugins.jsView file
40try {
L41: const mod = await import(pathToFileURL(full).href);
L42: const def = mod.default || mod.plugin || mod;
Medium
Dynamic Require
Package source references dynamic require/import behavior.
src/plugins.jsView on unpkg · L40src/cli.jsView file
656}
L657: console.log(c.cyan(`npm install ${pkgs.join(" ")} ...`));
L658: try {
L659: execFileSync("npm", ["install", ...pkgs], { stdio: "inherit", cwd: process.cwd() });
L660: console.log(c.green("설치 완료. 다음 실행부터 플러그인이 자동으로 로드됩니다 (/plugins 로 확인)."));
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/cli.jsView on unpkg · L656Findings
3 High4 Medium4 Low
HighChild Processsrc/tools.js
HighShell
HighRuntime Package Installsrc/cli.js
MediumDynamic Requiresrc/plugins.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings