Static Scan Results
scanned 1d ago · by rust-scanner
Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · EnvironmentVars · Filesystem · Shell · HighEntropyStrings · UrlStrings
Source & flagged code
3 flagged · cli/lib/doctor.mjs
L3: import { openclawConfigPath } from "./paths.mjs";
L4: import { execSync } from "node:child_process";
L5: import { loadCatalog } from "./catalog.mjs";
High
L93: findings.fix.push({
L94: msg: "POSIX Ruff hook detected — re-run loadout on Windows to apply lint-python-on-edit-win (PowerShell, no jq)",
L95: file: ".claude/settings.json",
High
L447: msg: hasAuto
L448: ? `Loadout would still suggest: ${names} — run npx claude-loadout doctor --fix`
L449: : onlyPlugins
...
L457: const cmd = process.platform === "win32" ? `where ${name}` : `which ${name}`;
L458: execSync(cmd, { stdio: "ignore" });
L459: return true;
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
cli/lib/doctor.mjs · L447
Findings
3 High · 2 Medium · 5 Low
High · Child Process · cli/lib/doctor.mjs
High · Shell · cli/lib/doctor.mjs
High · Runtime Package Install · cli/lib/doctor.mjs
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings