registry  /  reddit-sonar  /  1.0.0

reddit-sonar@1.0.0

AI-powered Reddit lead generation tool — search, score, summarize, and engage with leads using Playwright + OpenRouter or DeepSeek

Static Scan Results

scanned 5h ago · by rust-scanner

Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
DynamicRequire
Supply chain
MinifiedObfuscatedTrivialUrlStrings
Manifest
NoLicense
scanned 2 file(s), 615 KB of source, external domains: platform.deepseek.com, wholesaas.com

Source & flagged code

2 flagged · loading source
bin/cli.jsView file
19L20: await import(pathToFileURL(entry).href);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/cli.jsView on unpkg · L19
dist/cli.jsView file
1#!/usr/bin/env node L2: const _0x69f6c4=_0x2f23;(function(_0x2dc11b,_0x569fa4){const _0xbb0acf=_0x2f23,_0x1fac63=_0x2dc11b();while(!![]){try{const _0x1bbad4=parseInt(_0xbb0acf(0x5fd))/0x1*(parseInt(_0xbb0...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/cli.jsView on unpkg · L1

Findings

2 High2 Medium3 Low
HighObfuscated Payload Loaderdist/cli.js
HighObfuscated
MediumDynamic Requirebin/cli.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowUrl Strings
LowNo License