Static Scan Results
scanned 7d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 12 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsObfuscatedUrlStrings
Source & flagged code
3 flagged · loading sourcedist/tui/file-index.jsView file
4*/
L5: import { execFileSync } from 'child_process';
L6: import glob from 'fast-glob';
High
Child Process
Package source references child process execution.
dist/tui/file-index.jsView on unpkg · L4dist/agent/executor.jsView file
39this.i18n = config.i18n;
L40: this.projectRoot = config.projectRoot ?? process.cwd();
L41: this.repoMap = config.repoMap;
...
L109: }
L110: /** 统一输出:onWrite 优先 → onEvent 其次 → process.stdout 回退 */
L111: _write(text) {
...
L119: }
L120: process.stdout.write(text);
L121: }
...
L320: try {
L321: const validation = PlanModeManager.validatePlan(JSON.parse(jsonText));
L322: const formatted = validation.valid && validation.plan
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/agent/executor.jsView on unpkg · L39dist/index.jsView file
3import { Command } from 'commander';
L4: import { execSync } from 'child_process';
L5: import { readFileSync } from 'fs';
L6: import { dirname, resolve } from 'path';
L7: import { createServer } from 'net';
L8: import { createRequire } from 'module';
...
L17: function resolveUserProjectRoot() {
L18: return resolve(process.env.CUSTOMIZE_PROJECT_ROOT ?? process.env.INIT_CWD ?? process.env.PWD ?? process.cwd());
L19: }
High
Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L3Findings
3 High3 Medium6 Low
HighChild Processdist/tui/file-index.js
HighShell
HighSame File Env Network Executiondist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/agent/executor.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings