Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/index.jsView file
70*/
L71: const node_child_process_1 = require("node:child_process");
L72: const fs = __importStar(require("node:fs"));
...
L77: /** Public seed repository. Cloned credential-free over HTTPS. */
L78: const DEFAULT_SEED_REPO = 'https://github.com/Clarittyai/agentic-app-seed.git';
L79: /**
...
L118: // --- Tiny ANSI helpers (no deps) ---------------------------------------------
L119: const supportsColor = process.stdout.isTTY && process.env.NO_COLOR === undefined;
L120: const paint = (code, s) => (supportsColor ? `\x1b[${code}m${s}\x1b[0m` : s);
...
L167: const SPIN_FRAMES = ['⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏'];
L168: const spinTTY = !!process.stdout.isTTY && process.env.NO_COLOR === undefined && process.env.CI === undefined;
L169: let activeSpinner = null;
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L70Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings