Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcesrc/config/load.tsView file
17if (existsSync(canonical)) {
L18: const mod = (await import(canonical)) as { default: LyraConfig }
L19: if (!mod.default) throw new Error(`lyra config at ${canonical} has no default export`)
Medium
Dynamic Require
Package source references dynamic require/import behavior.
src/config/load.tsView on unpkg · L17src/commands/login.tsView file
24/** Default web origin; override with LYRA_WEB_URL for local/staging testing. */
L25: const DEFAULT_WEB_URL = 'https://lyraai.space'
L26: const POLL_INTERVAL_MS = 2000
...
L62: try {
L63: const platform = process.platform
L64: const cmd = platform === 'darwin' ? 'open' : platform === 'win32' ? 'start' : 'xdg-open'
L65: // Lazy import so the happy path / tests don't pull in child_process.
L66: const { spawn } = require('node:child_process') as typeof import('node:child_process')
...
L85: headers: { 'content-type': 'application/json' },
L86: body: '{}',
L87: })
...
L90: }
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
src/commands/login.tsView on unpkg · L24Findings
1 High4 Medium4 Low
HighSandbox Evasion Gated Capabilitysrc/commands/login.ts
MediumDynamic Requiresrc/config/load.ts
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings