Static Scan Results
scanned 21h ago · by rust-scannerStatic analysis flagged 21 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
13 flagged · loading sourcePackage contains a critical-looking secret pattern.
client/dist/assets/SettingsView-Cb0DZfeW.jsView on unpkg · L164OpenSSH private key in client/dist/assets/SettingsView-Cb0DZfeW.js
client/dist/assets/SettingsView-Cb0DZfeW.jsView on unpkg · L164Package source references child process execution.
apis/projects/orchestration-run.jsView on unpkg · L16Package source references dynamic require/import behavior.
apis/secrets/index.jsView on unpkg · L2Package source references weak cryptographic algorithms.
lib/bot-reviewer/index.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
hooks/pi/jonggrang-extension.tsView on unpkg · L17Source launches a detached bundled service that exposes a broad-bound HTTP listener.
bin/jonggrang.jsView on unpkg · L9Package source invokes a package manager install command at runtime.
bin/jonggrang.jsView on unpkg · L2658Package ships non-JavaScript build or shell helper files.
hooks/claude/secret-final-check.shView on unpkgPackage ships high-entropy non-source blobs.
client/dist/assets/primeicons-C6QP2o4f.woff2View on unpkgHardcoded password in skills/library/testing/unit-testing-patterns/SKILL.md
skills/library/testing/unit-testing-patterns/SKILL.mdView on unpkg · L17OpenSSH private key in client/dist/assets/ProjectSettingsView-DT4KtWe6.js
client/dist/assets/ProjectSettingsView-DT4KtWe6.jsView on unpkg · L1