Static Scan Results
scanned 9d ago · by rust-scannerStatic analysis flagged 15 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
8 flagged · loading sourcePackage source references child process execution.
script/qa/web-terminal-visual-qa.mjsView on unpkg · L1Package source references shell execution.
packages/lsp-tools-mcp/dist/tools.jsView on unpkg · L488Package source references dynamic require/import behavior.
packages/omo-codex/plugin/components/comment-checker/src/runner.tsView on unpkg · L97Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
packages/lsp-daemon/dist/index.jsView on unpkg · L2Package ships non-JavaScript build or shell helper files.
packages/omo-codex/plugin/components/bootstrap/scripts/bootstrap.ps1View on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
packages/omo-codex/plugin/components/lsp/test/fixtures/broken.pyView on unpkgPackage contains source files above the static scanner size ceiling.
dist/cli-node/index.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/cli-node/index.jsView on unpkg