Static Scan Results
scanned 4h ago · by rust-scanner
Static analysis flagged 23 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshot
Source & flagged code
13 flagged

Package defines install-time lifecycle scripts.
package.json

Package contains a critical-looking secret pattern.
dist/services/skill-validator.d.ts · L12

RSA private key in dist/services/skill-validator.d.ts
dist/services/skill-validator.d.ts · L12

Package source references child process execution.
benchmark/offline-qa/analyze-quality.ts · L3

RSA private key in dist/services/skill-validator.js
dist/services/skill-validator.js · L29

Package source references a known benign dynamic code generation pattern.
dist/services/skill-validator.js · L120

Package source references dynamic require/import behavior.
dist/routes/dashboard/collectors.js · L29

Package source references weak cryptographic algorithms.
dist/backends/facts-db/procedures/internal.js · L30

Source writes installer persistence such as shell profile or service configuration.
dist/cli/commands/manage/register-procedure-lifecycle.js · L10

Package source invokes a package manager install command at runtime.
cli/plugin-commands.ts · L77

Package ships non-JavaScript build or shell helper files.
benchmark/offline-qa/clone-sandbox.sh

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/install/upgrade-config-preflight.js

RSA private key in services/skill-validator.ts
services/skill-validator.ts · L70