Static Scan Results
scanned 14m ago · by rust-scanner
Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · EnvironmentVars · Filesystem · Network · Shell · WebSocket
HighEntropyStrings · UrlStrings
Source & flagged code
3 flagged
dist/ui/clipboard.js
L1: import { stdout, platform } from 'node:process';
L2: import { spawn } from 'node:child_process';
L3: /**
High
Child Process
Package source references child process execution.
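dist/ui/clipboard.js · L1
L13: * Read (readClipboard): OSC 52 is one-way (the terminal does not return clipboard contents to the application; even if a `\x1B]52;c;?\x07`
L14: * read request is sent, most terminals do not respond for security reasons), so reading has to rely on local native tools: win32=PowerShell Get-Clipboard,
L15: * darwin=pbpaste, linux=wl-paste / xclip -o / xsel -o. Used to "paste in" when the mouse clicks the input box.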
High
dist/pet/bridge.js
L120: catch (e) {
L121: reject(new Error('mocode-pet-app 未安装,请运行 npm install mocode-pet-app'));
L122: return;
...
L124: try {
L125: const child = spawn(process.execPath, [binPath], {
L126: detached: true,
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/pet/bridge.js · L120
Findings
3 High · 3 Medium · 5 Low
High · Child Process · dist/ui/clipboard.js
High · Shell · dist/ui/clipboard.js
High · Runtime Package Install · dist/pet/bridge.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings