Static Scan Results
scanned 1d ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/infrastructure/protocols/PlinkSerial.jsView file
39exports.PlinkSerialSession = void 0;
L40: const child_process_1 = require("child_process");
L41: const BaseSession_1 = require("./BaseSession");
...
L58: static async ensurePlinkExecutable() {
L59: const isWindows = process.platform === 'win32';
L60: if (!isWindows) {
...
L62: }
L63: const localCwdPath = path.resolve(process.cwd(), 'plink.exe');
L64: const projectRootPath = path.resolve(__dirname, '..', '..', '..', 'plink.exe');
...
L77: const arch = process.arch;
L78: let downloadUrl = 'https://the.earth.li/~sgtatham/putty/latest/w64/plink.exe';
L79: if (arch === 'arm64') {
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/infrastructure/protocols/PlinkSerial.jsView on unpkg · L39Findings
1 High3 Medium4 Low
HighSandbox Evasion Gated Capabilitydist/infrastructure/protocols/PlinkSerial.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings