Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcebin/mdblu.jsView file
9const crypto = require('crypto');
L10: const { spawnSync } = require('child_process');
L11: const os = require('os');
High
708if (!rest.length) {
L709: process.stderr.write('Usage: mdblu propose <file> [--when <text>]\n');
L710: process.exit(1);
...
L714: // Preflight: gh auth
L715: const authCheck = spawnSync('gh', ['auth', 'status'], { stdio: 'pipe' });
L716: if (authCheck.status !== 0) {
L717: process.stderr.write(
L718: 'error: mdblu propose needs the GitHub CLI — install https://cli.github.com then run gh auth login\n'
L719: );
High
Command Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
bin/mdblu.jsView on unpkg · L708Findings
2 High1 Medium4 Low
HighChild Processbin/mdblu.js
HighCommand Output Exfiltrationbin/mdblu.js
MediumNetwork
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings