Static Scan Results
scanned 9h ago · by rust-scanner
Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess, EnvironmentVars, Filesystem, Network, HighEntropyStrings, UrlStrings
Source & flagged code
1 flagged · index.js
12L13: const CFG = path.join(os.homedir(), ".clipbait.json");
L14: const BASE = (process.env.CLIPBAIT_API_URL || "https://app.clipbait.ai/api").replace(/\/$/, "");
L15: const KEY_PAGE = "https://app.clipbait.ai/me";
...
L33: if (process.env.CLIPBAIT_API_KEY) return process.env.CLIPBAIT_API_KEY;
L34: try { return JSON.parse(fs.readFileSync(CFG, "utf8")).apiKey || null; } catch { return null; }
L35: }
...
L40: headers: { "X-API-Key": loadKey(), "Content-Type": "application/json" },
L41: body: body ? JSON.stringify(body) : undefined,
L42: });
...
L58: function openBrowser(url) {
L59: const { spawn } = require("child_process");
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
index.js · L12
Findings
1 High · 3 Medium · 3 Low
High: Sandbox Evasion Gated Capability (index.js)
Medium: Network
Medium: Environment Vars
Medium: Structural Risk Force Deep Review
Low: Filesystem
Low: High Entropy Strings
Low: Url Strings