Static Scan Results
scanned 10d ago · by rust-scannerStatic analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
FilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcesrc/utils/exec.jsView file
1import chalk from 'chalk'
L2: import { execa } from 'execa'
L3: import ora from 'ora'
High
src/steps/optimization/caveman.jsView file
1import { execa } from 'execa'
L2: import { header, success, warn, error, loading, info } from '../../utils/exec.js'
...
L14: try {
L15: info('Installing caveman via npx skills')
L16: const result = await execa('npx', skillsArgs, {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/steps/optimization/caveman.jsView on unpkg · L1Findings
2 High2 Medium4 Low
HighShellsrc/utils/exec.js
HighRuntime Package Installsrc/steps/optimization/caveman.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings