Static Scan Results
scanned 2h ago · by rust-scanner
Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · EnvironmentVars · Filesystem · Shell · HighEntropyStrings
Source & flagged code
2 flagged
template/scripts/install-skills.mjs
L35: */
L36: import { spawnSync } from "node:child_process";
L37: import fs from "node:fs";
High
Child Process
Package source references child process execution.
template/scripts/install-skills.mjs · L35
L102: console.log(`[skills] ${pretty}${where}`);
L103: const result = spawnSync("npx", ["--yes", "skills", ...args], {
L104: cwd,
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
template/scripts/install-skills.mjs · L102
Findings
3 High · 2 Medium · 3 Low
High · Child Process · template/scripts/install-skills.mjs
High · Shell
High · Runtime Package Install · template/scripts/install-skills.mjs
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings