Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 14 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
HighEntropyStringsMinifiedObfuscatedUrlStrings
Source & flagged code
3 flagged · loading sourcebuild/tools/harness-ccm-showcase.jsView file
13import * as path from "node:path";
L14: import { spawn } from "node:child_process";
L15: import { resolve, dirname } from "node:path";
High
Child Process
Package source references child process execution.
build/tools/harness-ccm-showcase.jsView on unpkg · L13build/report-renderer/index.jsView file
30*/
L31: const REPORT_API_KEY = process.env.REPORT_API_KEY?.trim() || undefined;
L32: function requireReportApiKey(req, res, next) {
...
L40: if (token !== REPORT_API_KEY) {
L41: res.status(401).json({ error: "Unauthorized — set Authorization: Bearer <REPORT_API_KEY>" });
L42: return;
...
L67: try {
L68: const oldPath = path.resolve(process.cwd(), "aim-pdf-out", "report-registry.json");
L69: if (fs.existsSync(oldPath) && !fs.existsSync(REGISTRY_PERSIST_PATH)) {
...
L248: throw new Error(`Failed to load theme template from ${templatePath}: ${String(err)}. ` +
L249: `If this is an external pack, ensure a package.json with { "type": "module" } ` +
L250: `exists in the pack directory.`);
Low
Weak Crypto
Package source references weak cryptographic algorithms.
build/report-renderer/index.jsView on unpkg · L30build/tools/reports/harness-adoption-reports-render.jsView file
9*
L10: * When HARNESS_AIM_REPORTS_URL is set (e.g. "http://localhost:4321"), this
L11: * tool does NOT register the report itself. Instead it validates the file and
...
L18: import * as path from "node:path";
L19: import { spawn } from "node:child_process";
L20: import matter from "gray-matter";
...
L23: /** URL of the aim-reports server when running as a separate process. */
L24: const AIM_REPORTS_URL = process.env.HARNESS_AIM_REPORTS_URL?.replace(/\/$/, "") || undefined;
L25: // Theme IDs are discovered at runtime from the themes directory (and any
High
Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
build/tools/reports/harness-adoption-reports-render.jsView on unpkg · L9Findings
3 High3 Medium8 Low
HighChild Processbuild/tools/harness-ccm-showcase.js
HighShell
HighSame File Env Network Executionbuild/tools/reports/harness-adoption-reports-render.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEval
LowWeak Cryptobuild/report-renderer/index.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings