registry  /  reddit-sonar  /  1.0.1

reddit-sonar@1.0.1

AI-powered Reddit lead generation tool — search, score, summarize, and engage with leads using Playwright + OpenRouter or DeepSeek

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
DynamicRequire
Supply chain
MinifiedObfuscatedTrivialUrlStrings
Manifest
NoLicense
scanned 2 file(s), 616 KB of source, external domains: wholesaas.com

Source & flagged code

2 flagged · loading source
bin/cli.jsView file
19L20: await import(pathToFileURL(entry).href);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/cli.jsView on unpkg · L19
dist/cli.jsView file
1#!/usr/bin/env node L2: const _0x5330f4=_0x440d;(function(_0x25de4a,_0x303a11){const _0xa86a2a=_0x440d,_0x1f2488=_0x25de4a();while(!![]){try{const _0x1dee2f=-parseInt(_0xa86a2a(0x560))/0x1+parseInt(_0xa86...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/cli.jsView on unpkg · L1

Findings

2 High2 Medium3 Low
HighObfuscated Payload Loaderdist/cli.js
HighObfuscated
MediumDynamic Requirebin/cli.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowUrl Strings
LowNo License