Static Scan Results
scanned 11d ago · by rust-scannerStatic analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
7 flagged · loading sourcePackage source references child process execution.
scripts/harness/biome-ast-engine/infrastructure/adapters/biome-cli-executor-adapter.tsView on unpkg · L5Package source references shell execution.
scripts/harness/agent-integration/presentation/phasegate-status-context.tsView on unpkg · L16Package source references dynamic require/import behavior.
scripts/harness/main.tsView on unpkg · L2801Package source references weak cryptographic algorithms.
scripts/harness/harness-api/infrastructure/adapters/harness-config-query-adapter.tsView on unpkg · L41Package source invokes a package manager install command at runtime.
scripts/harness/regression-suite/infrastructure/adapters/vitest-test-runner-adapter.tsView on unpkg · L67Package ships non-JavaScript build or shell helper files.
scripts/delegate-sonnet.shView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
templates/.claude/scripts/format-settings-hook.shView on unpkg