Static Scan Results
scanned 3d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 8 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
WildcardDependency
Source & flagged code
2 flagged · loading sourcetests/review-bundle.test.tsView file
54const importer = new ReviewBundleImporter(target, { mutationLockPlatform: qualifiedReviewLockPlatform() });
L55: const imported = importer.import({ inputPath: first, operationId: "import-one", [redacted]: true });
L56: assert.equal(imported.imported, true);
Medium
Dynamic Require
Package source references dynamic require/import behavior.
tests/review-bundle.test.tsView on unpkg · L54extensions/skill-registry.tsView file
54function userSkillDirs(): string[] {
L55: const home = homedir();
L56: return [
...
L127:
L128: function parseFrontmatter(source: string): { name?: string; description?: string; body: string } {
L129: const normalized = source.replace(/\r\n?/g, "\n");
...
L384: try {
L385: const parsed: unknown = JSON.parse(await readFile(cachePath, "utf8"));
L386: cached = isCacheFile(parsed) ? parsed.fingerprint : undefined;
...
L427: argv = process.argv.slice(2),
L428: env = process.env,
L429: ): boolean {
Low
Weak Crypto
Package source references weak cryptographic algorithms.
extensions/skill-registry.tsView on unpkg · L54Findings
3 Medium5 Low
MediumDynamic Requiretests/review-bundle.test.ts
MediumEnvironment Vars
MediumWildcard Dependency
LowScripts Present
LowWeak Cryptoextensions/skill-registry.ts
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings