Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcelib/commands.jsView file
4const fs = require('fs-extra');
L5: const axios = require('axios');
L6: const { execFile } = require('child_process');
L7: const { promisify } = require('util');
...
L13: const execFileAsync = promisify(execFile);
L14: const NPM_BIN = process.platform === 'win32' ? 'npm.cmd' : 'npm';
L15: const NPX_BIN = process.platform === 'win32' ? 'npx.cmd' : 'npx';
...
L31: name: 'weiyuan-skill-runtime',
L32: private: true,
L33: version: '0.0.0',
...
L73: function bundledSkillMetadataPath(fileName) {
L74: return path.join(__dirname, '..', 'workspace-weiyuan', 'weiyuan', fileName);
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
lib/commands.jsView on unpkg · L4Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitylib/commands.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License