Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNativeBindingsNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
3 flagged · loading sourcedist/index.jsView file
3268import { Command as Command25 } from "commander";
L3269: import { execSync } from "child_process";
L3270:
High
4244if (opts.skill) touchCache(SKILL_CACHE_FILE);
L4245: spawn(process.execPath, [entryPath, REFRESH_COMMAND], {
L4246: detached: true,
...
L4250: env: {
L4251: ...process.env,
L4252: [ENV_REFRESH_CLI]: opts.cli ? "1" : "",
...
L4259: function refreshCliCache() {
L4260: return new Promise((resolve4) => {
L4261: exec(NPM_VIEW_VERSION_CMD, { timeout: REFRESH_TIMEOUT_MS }, (err, stdout) => {
High
Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L42443314try {
L3315: latest = execSync(NPM_VIEW_VERSION_CMD, { timeout: 1e4 }).toString().trim();
L3316: } catch {
L3317: console.error(`Could not reach npm to check for updates.`);
L3318: console.error(`Try manually: npm install -g ${NPM_PACKAGE}`);
L3319: process.exit(1);
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L3314Findings
4 High3 Medium5 Low
HighChild Processdist/index.js
HighShell
HighSame File Env Network Executiondist/index.js
HighRuntime Package Installdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License