Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
4 flagged · loading sourcedist/index.jsView file
170import { dirname as dirname2, isAbsolute as isAbsolute2, join as join2, relative as relative2, sep as sep2 } from "node:path";
L171: import { exec } from "node:child_process";
L172: import { promisify } from "node:util";
High
206/\bgit\s+push\b/i,
L207: /\b(curl|wget|irm|iwr)\b[^|]*\|\s*(sh|bash|zsh|iex|powershell)/i,
L208: />\s*\/dev\/sd/i
High
98var DEFAULT_API_URL = "https://api.futurim.org";
L99: function apiBaseUrl() {
L100: return process.env.FUTUREX_API_URL ?? process.env.API_URL ?? DEFAULT_API_URL;
...
L119: try {
L120: return JSON.parse(readFileSync(path, "utf8"));
L121: } catch {
...
L170: import { dirname as dirname2, isAbsolute as isAbsolute2, join as join2, relative as relative2, sep as sep2 } from "node:path";
L171: import { exec } from "node:child_process";
L172: import { promisify } from "node:util";
High
Remote Agent Bridge
Source exposes local file and command tools to a remote model endpoint.
dist/index.jsView on unpkg · L9897import { join } from "node:path";
L98: var DEFAULT_API_URL = "https://api.futurim.org";
L99: function apiBaseUrl() {
L100: return process.env.FUTUREX_API_URL ?? process.env.API_URL ?? DEFAULT_API_URL;
L101: }
L102: function futurexHome() {
L103: return process.env.FUTUREX_HOME ?? join(homedir(), ".futurex");
L104: }
...
L119: try {
L120: return JSON.parse(readFileSync(path, "utf8"));
L121: } catch {
...
L170: import { dirname as dirname2, isAbsolute as isAbsolute2, join as join2, relative as relative2, sep as sep2 } from "node:path";
Low
Findings
3 High3 Medium7 Low
HighChild Processdist/index.js
HighShelldist/index.js
HighRemote Agent Bridgedist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License