Static Scan Results
scanned 4h ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcelib/commands/init.jsView file
379patternName = generic_password
severity = medium
line = 379
matchedText = db_passw...rd',
Medium
lib/commands/recorder.jsView file
21L22: import { spawn } from 'node:child_process';
L23: import pc from 'picocolors';
...
L31: const RECORDER_PAGE = () =>
L32: process.env.NETWORKR_RECORDER_URL || 'https://networkr.dev/recorder';
L33:
...
L51: function openBrowser(url) {
L52: const cmd = process.platform === 'darwin' ? 'open'
L53: : process.platform === 'win32' ? 'start'
...
L107: if (cancelled) return null;
L108: const r = await api('/api/recorder/settings', { method: 'PUT', token: key, body: answers });
L109: ok(`saved — recordings cap at ${fmtLen(r.settings.max_seconds)}, ${r.settings.bg} cam, ${r.settings.corner} corner`);
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
lib/commands/recorder.jsView on unpkg · L21Findings
1 High4 Medium3 Low
HighSandbox Evasion Gated Capabilitylib/commands/recorder.js
MediumSecret Patternlib/commands/init.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings