Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystem
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcebin/cli.jsView file
5L6: async function getClipboardy() {
L7: try {
...
L38: Examples:
L39: npx ocular-audio "https://www.youtube.com/watch?v=dQw4w9WgXcQ"
L40: npx ocular-audio --detail overview "https://www.youtube.com/watch?v=dQw4w9WgXcQ"
...
L45: if (args[i] === '-v' || args[i] === '--version') {
L46: const pkg = require('../package.json');
L47: console.log(pkg.version);
...
L79:
L80: const pythonScriptPath = path.join(__dirname, '..', 'ocular_audio_mcp.py');
L81: const pythonCmd = process.platform === 'win32' ? 'python' : 'python3';
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/cli.jsView on unpkg · L5ocular_audio_mcp.pyView file
•path = ocular_audio_mcp.py
kind = build_helper
sizeBytes = 40142
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
ocular_audio_mcp.pyView on unpkgFindings
1 High2 Medium3 Low
HighSandbox Evasion Gated Capabilitybin/cli.js
MediumShips Build Helperocular_audio_mcp.py
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings