Static Scan Results
scanned 11d ago · by rust-scannerStatic analysis flagged 4 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystem
UrlStrings
Source & flagged code
1 flagged · loading sourcebin/cicy-code.jsView file
12// port dance entirely — `npx cicy-code --version` must never touch :8008.
L13: const { spawn, execSync } = require('child_process');
L14: const fs = require('fs');
...
L16: const args = process.argv.slice(2);
L17: const PORT = process.env.PORT || '8008';
L18:
L19: // Package name uses "windows", not the process.platform value "win32":
L20: // npm's spam filter rejects (403) new package names containing win32.
...
L32: console.error(`Reinstall: npm install -g cicy-code` +
L33: ` (in China add --registry=https://registry.npmmirror.com)`);
L34: process.exit(1);
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/cicy-code.jsView on unpkg · L12Findings
1 High1 Medium2 Low
HighSandbox Evasion Gated Capabilitybin/cicy-code.js
MediumEnvironment Vars
LowFilesystem
LowUrl Strings