Static Scan Results
scanned 6h ago · by rust-scanner
Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, HighEntropyStrings, UrlStrings
Source & flagged code
3 flagged
dist/adapters/db-adapter/memory-persistence.js
L14: exports.queryMemoryBySymbol = queryMemoryBySymbol;
L15: const node_child_process_1 = require("node:child_process");
L16: const node_util_1 = require("node:util");
High
Child Process
Package source references child process execution.
dist/adapters/db-adapter/memory-persistence.js · L14
dist/commands/scan-repo.js
L57: const ast_parser_1 = require("../utils/ast-parser");
L58: const API_BASE = "https://kodingo-api.onrender.com";
L59: const SUPPORTED_EXTENSIONS = [
...
L124: break;
L125: const data = await res.json();
L126: for (const m of data.memories ?? []) {
...
L146: headers: { "Content-Type": "application/json", "X-Kodingo-Token": token },
L147: body: JSON.stringify({ symbol: symbol.name, code: symbol.code }),
L148: });
...
L164: machineId: (0, persistence_config_1.readConfig)().machineId ?? undefined,
L165: displayName: os.hostname(),
L166: fingerprint: symbol.fingerprint ?? undefined,
High
Host Fingerprint Exfiltration
Source collects local host identity data and sends it to an external endpoint.
dist/commands/scan-repo.js · L57
dist/commands/update.js
L27: try {
L28: (0, child_process_1.execSync)("npm install -g kodingo-cli@latest", { stdio: "inherit" });
L29: console.log(`Updated to ${latestVersion} successfully.`);
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/commands/update.js · L27
Findings
3 High · 3 Medium · 5 Low
High · Child Process · dist/adapters/db-adapter/memory-persistence.js
High · Host Fingerprint Exfiltration · dist/commands/scan-repo.js
High · Runtime Package Install · dist/commands/update.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings