Static Scan Results
scanned 3d ago · by rust-scannerStatic analysis flagged 26 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
18 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
mcp-server/build/prompts.jsView on unpkg · L313RSA private key in mcp-server/build/prompts.js
mcp-server/build/prompts.jsView on unpkg · L313Package source references dynamic require/import behavior.
bin/index.jsView on unpkg · L42Package source invokes a package manager install command at runtime.
bin/createModule.jsView on unpkg · L56Package ships non-JavaScript build or shell helper files.
scripts/install-btp.shView on unpkgPackage ships high-entropy non-source blobs.
vscode-extension/hana-cli-0.1.0.vsixView on unpkgPackage ships compressed or archive-like blobs.
vscode-extension/hana-cli-0.1.0.vsixView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
vscode-extension/hana-cli-0.1.0.vsixView on unpkgRSA private key in mcp-server/src/prompts.ts
mcp-server/src/prompts.tsView on unpkg · L340Hardcoded password in docs/01-getting-started/configuration.md
docs/01-getting-started/configuration.mdView on unpkg · L241Hardcoded password in docs/troubleshooting/index.md
docs/troubleshooting/index.mdView on unpkg · L1134Hardcoded password in docs/03-features/mcp/implementation-guide.md
docs/03-features/mcp/implementation-guide.mdView on unpkg · L329Hardcoded password in docs/03-features/mcp/implementation-complete.md
docs/03-features/mcp/implementation-complete.mdView on unpkg · L231Hardcoded password in .github/agents/e2e-test-agent/e2e-test-agent.agent.md
.github/agents/e2e-test-agent/e2e-test-agent.agent.mdView on unpkg · L144