Static Scan Results
scanned 2h ago · by rust-scanner
Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
Crypto · EnvironmentVars · Filesystem · Network · WebSocket · HighEntropyStrings · UrlStrings
Source & flagged code
1 flagged · dist/pair-cli.js
L6: export async function pairBgos(opts) {
L7: const label = opts.deviceLabel ?? `${hostname()} (Gobot)`;
L8: const res = await BgosApi.pairExchange(opts.baseUrl, {
...
L17: const secretsDir = opts.secretsDir ??
L18: join(process.env.HOME ?? process.env.USERPROFILE ?? ".", ".gobot", "secrets");
L19: await mkdir(secretsDir, { recursive: true });
...
L32: }
L33: const DEFAULT_BASE_URL = "https://api.brandgrowthos.ai";
L34: function parseAgentCatalog(raw) {
...
L65: if (!code) {
L66: process.stderr.write("usage: gobot-pair-bgos <CODE> [--device-label NAME] [--base-url URL]\n");
L67: process.exit(2);
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/pair-cli.js · L6
Findings
1 High · 2 Medium · 4 Low
High · Sandbox Evasion Gated Capability · dist/pair-cli.js
Medium · Network
Medium · Environment Vars
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings