Static Scan Results
scanned 14d ago · by rust-scannerStatic analysis flagged 15 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
7 flagged · loading sourcePackage source references child process execution.
bin/langfuse-cli.jsView on unpkg · L5Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/langfuse-cli.jsView on unpkg · L5Package source references weak cryptographic algorithms.
scripts/skillhub/source.mjsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
scripts/opencode-langfuse-setup.mjsView on unpkg · L3A single source file combines environment access, network access, and code or shell execution; review context before blocking.
scripts/auto-update-runtime.mjsView on unpkg · L3Package ships non-JavaScript build or shell helper files.
codex_langfuse_notify.pyView on unpkg