Static Scan Results
scanned 2h ago · by rust-scanner
Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Filesystem · HighEntropyStrings · UrlStrings
Source & flagged code
2 flagged
bin/ace-framework.js
L2:
L3: const { execSync } = require('child_process');
L4: const fs = require('fs');
High
Child Process
Package source references child process execution.
bin/ace-framework.js · L2
L70: // Use degit to download the subfolder
L71: execSync(`npx degit ${source} "${targetPath}"`, { stdio: 'inherit' });
L72: log.success(`Successfully downloaded skill to .ace/skills/${skillName}`);
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
bin/ace-framework.js · L70
Findings
2 High · 1 Medium · 4 Low
High · Child Process · bin/ace-framework.js
High · Runtime Package Install · bin/ace-framework.js
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings