Static Scan Results
scanned 3d ago · by rust-scannerStatic analysis flagged 35 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
28 flagged · loading sourcePackage contains a critical-looking secret pattern.
v3/@claude-flow/guidance/dist/manifest-validator.jsView on unpkg · L702RSA private key in v3/@claude-flow/guidance/dist/manifest-validator.js
v3/@claude-flow/guidance/dist/manifest-validator.jsView on unpkg · L702Package source references child process execution.
v3/@claude-flow/shared/dist/core/orchestrator/lifecycle-manager.jsView on unpkg · L55Package source references shell execution.
v3/@claude-flow/cli/dist/src/init/executor.jsView on unpkg · L234Hardcoded password in v3/@claude-flow/guidance/dist/analyzer.js
v3/@claude-flow/guidance/dist/analyzer.jsView on unpkg · L1344Hardcoded password in v3/@claude-flow/guidance/dist/analyzer.js
v3/@claude-flow/guidance/dist/analyzer.jsView on unpkg · L2127Package source references a known benign dynamic code generation pattern.
v3/@claude-flow/guidance/dist/analyzer.jsView on unpkg · L2103Package source references dynamic require/import behavior.
bin/cli.jsView on unpkg · L10Package source invokes a package manager install command at runtime.
v3/@claude-flow/cli/dist/src/init/statusline-generator.jsView on unpkg · L149Source writes installer persistence such as shell profile or service configuration.
v3/@claude-flow/cli/dist/src/init/statusline-generator.jsView on unpkg · L47A single source file combines environment access, network access, and code or shell execution; review context before blocking.
v3/@claude-flow/cli/dist/src/benchmarks/gaia-tools/grounded_query.js#virtual:normalized:round1View on unpkg · L49Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.claude/statusline-command.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.claude/statusline-command.shView on unpkgHardcoded password in .claude/agents/core/reviewer.md
.claude/agents/core/reviewer.mdView on unpkg · L67Hardcoded password in .claude/agents/flow-nexus/authentication.md
.claude/agents/flow-nexus/authentication.mdView on unpkg · L22Hardcoded password in .claude/agents/flow-nexus/authentication.md
.claude/agents/flow-nexus/authentication.mdView on unpkg · L29Hardcoded password in .claude/agents/flow-nexus/authentication.md
.claude/agents/flow-nexus/authentication.mdView on unpkg · L43Hardcoded password in .claude/agents/sparc/refinement.md
.claude/agents/sparc/refinement.mdView on unpkg · L41Hardcoded password in .claude/agents/sparc/refinement.md
.claude/agents/sparc/refinement.mdView on unpkg · L69Hardcoded password in .claude/agents/sparc/refinement.md
.claude/agents/sparc/refinement.mdView on unpkg · L245Hardcoded password in .claude/commands/flow-nexus/login-registration.md
.claude/commands/flow-nexus/login-registration.mdView on unpkg · L14Hardcoded password in .claude/commands/flow-nexus/login-registration.md
.claude/commands/flow-nexus/login-registration.mdView on unpkg · L23Hardcoded password in .claude/commands/flow-nexus/login-registration.md
.claude/commands/flow-nexus/login-registration.mdView on unpkg · L45Hardcoded password in .claude/skills/flow-nexus-platform/SKILL.md
.claude/skills/flow-nexus-platform/SKILL.mdView on unpkg · L30Hardcoded password in .claude/skills/flow-nexus-platform/SKILL.md
.claude/skills/flow-nexus-platform/SKILL.mdView on unpkg · L40Hardcoded password in .claude/skills/flow-nexus-platform/SKILL.md
.claude/skills/flow-nexus-platform/SKILL.mdView on unpkg · L67Hardcoded password in .claude/skills/flow-nexus-platform/SKILL.md
.claude/skills/flow-nexus-platform/SKILL.mdView on unpkg · L872Hardcoded password in .claude/skills/flow-nexus-platform/SKILL.md
.claude/skills/flow-nexus-platform/SKILL.mdView on unpkg · L879