Static Scan Results
scanned 1d ago · by rust-scannerStatic analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
3 flagged · loading sourcedist/service.jsView file
9*/
L10: import { execFileSync } from "child_process";
L11: import * as fs from "fs";
High
9*/
L10: import { execFileSync } from "child_process";
L11: import * as fs from "fs";
...
L29: function plistPath() {
L30: return path.join(os.homedir(), "Library", "LaunchAgents", `${LABEL}.plist`);
L31: }
...
L59: try {
L60: execFileSync("launchctl", ["bootout", `gui/${uid}/${LABEL}`], { stdio: "ignore" });
L61: }
...
L130: function startupCmdPath() {
L131: const appdata = process.env.APPDATA || path.join(os.homedir(), "AppData", "Roaming");
L132: return path.join(appdata, "Microsoft", "Windows", "Start Menu", "Programs", "Startup", "maki-agent.cmd");
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
dist/service.jsView on unpkg · L9dist/mcp/readonly-proxy.jsView file
38export function runReadonlyProxy(playwrightArgs) {
L39: const child = spawn("npx", playwrightArgs, { stdio: ["pipe", "pipe", "inherit"] });
L40: child.on("exit", (code) => process.exit(code ?? 0));
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/mcp/readonly-proxy.jsView on unpkg · L38Findings
3 High4 Medium6 Low
HighChild Processdist/service.js
HighShell
HighRuntime Package Installdist/mcp/readonly-proxy.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/service.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License