Static Scan Results
scanned 15d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 14 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetwork
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
CopyleftLicense
Source & flagged code
3 flagged · loading sourcedist/services/agent/AgentCore.jsView file
101// Use eval to prevent TypeScript from transforming to require()
L102: const claudeSDK = await eval("import('@anthropic-ai/claude-agent-sdk')");
L103: // Wrap with Context Company observability when TCC_API_KEY is configured
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/services/agent/AgentCore.jsView on unpkg · L101bin/rivet.jsView file
4L5: const fs = require('fs');
L6: const path = require('path');
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/rivet.jsView on unpkg · L4src/ui/dist/fonts/Satoshi-VariableItalic.woff2View file
•path = src/ui/dist/fonts/Satoshi-VariableItalic.woff2
kind = high_entropy_blob
sizeBytes = 43844
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
src/ui/dist/fonts/Satoshi-VariableItalic.woff2View on unpkgFindings
1 High4 Medium9 Low
HighShips High Entropy Blobsrc/ui/dist/fonts/Satoshi-VariableItalic.woff2
MediumDynamic Requirebin/rivet.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/services/agent/AgentCore.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowCopyleft License