Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 20 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
11 flagged · loading sourcePackage source references child process execution.
common/tool/develop/get_diagnostics/index.jsView on unpkg · L2Package source invokes a package manager install command at runtime.
common/tool/develop/get_diagnostics/index.jsView on unpkg · L28Package source references shell execution.
common/tool/system/auto_operation/desktop.jsView on unpkg · L6Package source references a known benign dynamic code generation pattern.
common/tool/develop/frontend_debug/vconsole.min.jsView on unpkg · L9Package source references dynamic require/import behavior.
core/contact/index.jsView on unpkg · L1Package source executes code through a VM context API.
common/tool/develop/exec_code/index.jsView on unpkg · L1Package ships high-entropy non-source blobs.
common/agent/内置智能体.xlsxView on unpkgPackage ships compressed or archive-like blobs.
common/agent/内置智能体.xlsxView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
common/agent/内置智能体.xlsxView on unpkg