Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourceesm/commands/env.jsView file
41patternName = generic_password
severity = medium
line = 41
matchedText = password...es',
Medium
esm/utils/npm-version.jsView file
1import { execFile } from 'child_process';
L2: import semver from 'semver';
High
Child Process
Package source references child process execution.
esm/utils/npm-version.jsView on unpkg · L1esm/commands/init/index.jsView file
236: `https://github.com/${f.source}`;
L237: process.stdout.write(` npx skills add ${source} --skill ${f.skill}\n`);
L238: }
...
L250: try {
L251: execSync(cmd, {
L252: cwd,
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
esm/commands/init/index.jsView on unpkg · L236commands/env.jsView file
43patternName = generic_password
severity = medium
line = 43
matchedText = password...es',
Medium
Findings
3 High4 Medium4 Low
HighChild Processesm/utils/npm-version.js
HighShell
HighRuntime Package Installesm/commands/init/index.js
MediumSecret Patternesm/commands/env.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patterncommands/env.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings