Static Scan Results
Scanned 4d ago · by rust-scanner
Static analysis flagged 36 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Decision evidence
public snapshot

Source & flagged code
26 flagged

Package defines install-time lifecycle scripts.
package.json

Install-time lifecycle script is not statically allowlisted and needs review.
package.json

Package contains a possible secret pattern.
payload/out/renderer/assets/index-CPqvQHaG.js · L10

Package source invokes a package manager install command at runtime.
bin/wayland.mjs · L111

Source writes installer persistence such as shell profile or service configuration.
bin/wayland.mjs · L12

Package source references shell execution.
payload/out/renderer/assets/vendor-highlight-DYD54Gmn.js · L8

Package source references a known benign dynamic code generation pattern.
payload/out/renderer/assets/whisperWorker-yk8fSaV0.js · L6

Source reaches cloud instance metadata or link-local credential endpoints.
payload/dist-server/builtin-mcp-concierge-diag.js · L1224

Package source references dynamic require/import behavior.
payload/dist-server/builtin-mcp-concierge-diag.js · L6

Package ships WebAssembly modules.
payload/dist-server/wasm/tree-sitter.wasm

Package ships non-JavaScript build or shell helper files.
payload/dist-server/skills/_builtin/skill-creator/scripts/init_skill.py

Package ships high-entropy non-source blobs.
payload/dist-server/skills/morph-ppt/reference/styles/warm--brand-refresh/warm__brand_refresh.pptx

Package ships compressed or archive-like blobs.
payload/dist-server/skills/morph-ppt/reference/styles/warm--brand-refresh/warm__brand_refresh.pptx

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
payload/dist-server/skills/morph-ppt/reference/styles/warm--brand-refresh/warm__brand_refresh.pptx

Package contains source files above the static scanner size ceiling.
payload/dist-server/gemini.js

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/security/security-auditor/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/security/security-auditor/SKILL.md · L107

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/security/application-secrets-security/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/security/application-secrets-security/SKILL.md · L94

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/backend-systems/supabase-builder/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/backend-systems/supabase-builder/SKILL.md · L328

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/testing-quality/load-tester/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/testing-quality/load-tester/SKILL.md · L167

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/data-engineering/data-catalog-builder/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/data-engineering/data-catalog-builder/SKILL.md · L64

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/hobbies-crafts/electronics-hobbyist/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/hobbies-crafts/electronics-hobbyist/SKILL.md · L150

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.md · L78

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.md · L108

RSA private key in payload/src/process/resources/skills-library/bodies/skills/devops-cloud/env-file-manager/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/devops-cloud/env-file-manager/SKILL.md · L76

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/writing/technical-blog-post/SKILL.md
payload/src/process/resources/skills-library/bodies/skills/writing/technical-blog-post/SKILL.md · L290