Static Scan Results
scanned 7d ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcesrc/auth/oauth.tsView file
15label: "Anthropic Console (Claude)",
L16: authorizeUrl: "https://claude.ai/oauth/authorize",
L17: instructions: [
...
L51: const cmd =
L52: process.platform === "darwin" ? ["open", url] :
L53: process.platform === "win32" ? ["cmd", "/c", "start", "", url] :
L54: ["xdg-open", url];
L55: const proc = Bun.spawn(cmd, { stdout: "ignore", stderr: "ignore" });
L56: await proc.exited;
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
src/auth/oauth.tsView on unpkg · L15scripts/uninstall.shView file
•path = scripts/uninstall.sh
kind = build_helper
sizeBytes = 1042
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
scripts/uninstall.shView on unpkgFindings
1 High4 Medium4 Low
HighSandbox Evasion Gated Capabilitysrc/auth/oauth.ts
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/uninstall.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings