Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
6 flagged · loading sourcesrc/services/ssh.jsView file
19patternName = private_key_openssh
severity = critical
line = 19
matchedText = /^-----B...--/,
Critical
Critical Secret
Package contains a critical-looking secret pattern.
src/services/ssh.jsView on unpkg · L1919patternName = private_key_openssh
severity = critical
line = 19
matchedText = /^-----B...--/,
Critical
20patternName = private_key_rsa
severity = critical
line = 20
matchedText = /^-----B...--/,
Critical
22patternName = private_key_ec
severity = critical
line = 22
matchedText = /^-----B...--/,
Critical
src/ui/components/ConfirmationDialog.jsView file
41patternName = generic_password
severity = medium
line = 41
matchedText = h(Text, ...')),
Medium
Secret Pattern
Hardcoded password in src/ui/components/ConfirmationDialog.js
src/ui/components/ConfirmationDialog.jsView on unpkg · L41src/agent/loop/tool-executor.jsView file
243patternName = generic_password
severity = medium
line = 243
matchedText = this.rea...)));
Medium
Secret Pattern
Hardcoded password in src/agent/loop/tool-executor.js
src/agent/loop/tool-executor.jsView on unpkg · L243Findings
4 Critical4 Medium5 Low
CriticalCritical Secretsrc/services/ssh.js
CriticalSecret Patternsrc/services/ssh.js
CriticalSecret Patternsrc/services/ssh.js
CriticalSecret Patternsrc/services/ssh.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patternsrc/ui/components/ConfirmationDialog.js
MediumSecret Patternsrc/agent/loop/tool-executor.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License