Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 10 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/core/registry.jsView file
10const path_1 = require("path");
L11: const child_process_1 = require("child_process");
L12: const config_1 = require("./config");
High
Child Process
Package source references child process execution.
dist/core/registry.jsView on unpkg · L10dist/api/server.jsView file
417if (url.startsWith('/api/portfolio/intelligence')) {
L418: const params = new URL(`http://x${url}`).searchParams;
L419: const repoName = params.get('repo');
...
L425: try {
L426: const { execSync } = require('child_process');
L427: const PATH = `/opt/homebrew/bin:/usr/local/bin:${process.env.PATH}`;
L428: const ver = execSync('claude --version', { encoding: 'utf-8', timeout: 5000, env: { ...process.env, PATH } }).trim();
High
Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/api/server.jsView on unpkg · L417Findings
3 High2 Medium5 Low
HighChild Processdist/core/registry.js
HighShell
HighSame File Env Network Executiondist/api/server.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings