Static Scan Results
scanned 4h ago · by rust-scannerStatic analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystem
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcebin/cli.jsView file
6L7: const CACHE_DIR = path.join(os.homedir(), '.cache', 'ocular_audio_mcp');
L8: const VERSION = require('../package.json').version;
L9:
L10: // ── Clipboard helper ────────────────────────────────────────────────────────
L11: async function getClipboardy() {
L12: try {
...
L40: try {
L41: const data = JSON.parse(fs.readFileSync(filePath, 'utf-8'));
L42: videos.push({
...
L92: Output Control:
L93: --stdout Print transcript to stdout only (no clipboard, no file)
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/cli.jsView on unpkg · L6ocular_audio_mcp.pyView file
•path = ocular_audio_mcp.py
kind = build_helper
sizeBytes = 44103
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
ocular_audio_mcp.pyView on unpkgFindings
1 High2 Medium3 Low
HighSandbox Evasion Gated Capabilitybin/cli.js
MediumShips Build Helperocular_audio_mcp.py
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings