Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcebin/passcontrol.mjsView file
1#!/usr/bin/env node
L2: import { execFileSync, spawn } from "node:child_process";
L3: import fs from "node:fs";
L4: import net from "node:net";
L5: import os from "node:os";
...
L30: const b64url = (bytes) =>
L31: Buffer.from(bytes).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
L32: const fromB64url = (s) => new Uint8Array(Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64"));
...
L75: function cliPrefix() {
L76: return process.env.npm[redacted] === "cli" ? "npm run cli --" : "passcontrol";
L77: }
...
L186: function appConfigDir(env = process.env) {
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/passcontrol.mjsView on unpkg · L1Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitybin/passcontrol.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings