registry  /  gpusmarket  /  2.4.3

gpusmarket@2.4.3

Rent real GPUs from the terminal. Agent-first CLI + built-in MCP server for GPUsMarket — signup, rent, chat, pool. Per-second billing, no minimum charge.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystem
Supply chain
HighEntropyStringsMinifiedObfuscated
Manifest
NoLicense
scanned 15 file(s), 207 KB of source

Source & flagged code

2 flagged · loading source
bin/cli.jsView file
6*/ L7: try { require('../dist/main'); } L8: catch { require('../src/main'); }
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/cli.jsView on unpkg · L6
dist/mcp-tools.jsView file
1const a0_0x3676df=a0_0x4151;(function(_0x1587a1,_0x3b360f){const _0x3c3f89=a0_0x4151,_0x55a61c=_0x1587a1();while(!![]){try{const _0x13cf41=parseInt(_0x3c3f89(0x1f4))/0x1+parseInt(_...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/mcp-tools.jsView on unpkg · L1

Findings

2 High3 Medium5 Low
HighObfuscated Payload Loaderdist/mcp-tools.js
HighObfuscated
MediumDynamic Requirebin/cli.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License