Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoFilesystemNetworkShell
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
3 flagged · loading sourcedist/index.jsView file
1207var EventEmitter = __require("events").EventEmitter;
L1208: var childProcess = __require("child_process");
L1209: var path = __require("path");
High
2060}
L2061: const execArgv = process2.execArgv ?? [];
L2062: if (execArgv.includes("-e") || execArgv.includes("--eval") || execArgv.includes("-p") || execArgv.includes("--print")) {
High
11730console.log(`Handing off to skills.sh (npx skills add ${SKILL_REPO}) \u2014 it will ask which agents to install for.`);
L11731: const result = spawnSync("npx", ["skills", "add", SKILL_REPO], { stdio: "inherit" });
L11732: if (result.error) {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L11730Findings
3 High2 Medium4 Low
HighChild Processdist/index.js
HighShelldist/index.js
HighRuntime Package Installdist/index.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings