Static Scan Results
scanned 2d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireFilesystemShell
HighEntropyStrings
Source & flagged code
3 flagged · loading sourcebin/forge.mjsView file
164const lib = join(TEMPLATE_FORGE, 'scripts', 'lib', 'plugin-build.mjs');
L165: const { collectCommands, planForgePlugin, writePlugin } = await import(pathToFileURL(lib).href);
L166: const dest = out || join(homedir(), '.claude', 'skills', 'forge');
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/forge.mjsView on unpkg · L164template/.forge/hooks/pre-tool-use/check-language-policy.shView file
•path = template/.forge/hooks/pre-tool-use/check-language-policy.sh
kind = payload_in_excluded_dir
sizeBytes = 2120
magicHex = [redacted]
High
Payload In Excluded Dir
Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
template/.forge/hooks/pre-tool-use/check-language-policy.shView on unpkg•path = template/.forge/hooks/pre-tool-use/check-language-policy.sh
kind = build_helper
sizeBytes = 2120
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
template/.forge/hooks/pre-tool-use/check-language-policy.shView on unpkgFindings
1 High3 Medium3 Low
HighPayload In Excluded Dirtemplate/.forge/hooks/pre-tool-use/check-language-policy.sh
MediumDynamic Requirebin/forge.mjs
MediumShips Build Helpertemplate/.forge/hooks/pre-tool-use/check-language-policy.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings