Static Scan Results
scanned 4d ago · by rust-scannerStatic analysis flagged 4 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemNetwork
UrlStrings
Source & flagged code
1 flagged · loading sourcenpm/bin.cjsView file
2L3: const { spawn } = require("child_process");
L4: const {
...
L11: const { join, dirname } = require("path");
L12: const { createGunzip } = require("zlib");
L13: const { pipeline } = require("stream");
...
L15: const os = require("os");
L16: const https = require("https");
L17: const http = require("http");
...
L21: const REPO = "LeoMartinDev/diavola";
L22: const BIN_NAME = process.platform === "win32" ? "diavola.exe" : "diavola";
L23:
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
npm/bin.cjsView on unpkg · L2Findings
1 High1 Medium2 Low
HighSandbox Evasion Gated Capabilitynpm/bin.cjs
MediumNetwork
LowFilesystem
LowUrl Strings