Static Scan Results
scanned 5d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
HighEntropyStrings
WildcardDependency
Source & flagged code
2 flagged · loading sourcetests/fixtures/measure-orchestrator-prompt.mjsView file
15L16: const { __testing } = await import(join(import.meta.dirname, "..", "..", "extensions", "gentle-ai.ts"));
L17: const assetsDir = process.argv[2];
Medium
Dynamic Require
Package source references dynamic require/import behavior.
tests/fixtures/measure-orchestrator-prompt.mjsView on unpkg · L15extensions/skill-registry.tsView file
54function userSkillDirs(): string[] {
L55: const home = homedir();
L56: return [
...
L127:
L128: function parseFrontmatter(source: string): { name?: string; description?: string; body: string } {
L129: const normalized = source.replace(/\r\n?/g, "\n");
...
L384: try {
L385: const parsed: unknown = JSON.parse(await readFile(cachePath, "utf8"));
L386: cached = isCacheFile(parsed) ? parsed.fingerprint : undefined;
...
L427: argv = process.argv.slice(2),
L428: env = process.env,
L429: ): boolean {
Low
Weak Crypto
Package source references weak cryptographic algorithms.
extensions/skill-registry.tsView on unpkg · L54Findings
3 Medium4 Low
MediumDynamic Requiretests/fixtures/measure-orchestrator-prompt.mjs
MediumEnvironment Vars
MediumWildcard Dependency
LowScripts Present
LowWeak Cryptoextensions/skill-registry.ts
LowFilesystem
LowHigh Entropy Strings