Static Scan Results
scanned 4d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 10 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
1993const mxcModule = "@microsoft/mxc-sdk";
L1994: await import(mxcModule);
L1995: hasMxc = true;
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L19934import { program } from "commander";
L5: import { createConnection, createServer } from "net";
L6: import { existsSync as existsSync6 } from "fs";
...
L9: import { tmpdir as tmpdir3 } from "os";
L10: import { spawn } from "child_process";
L11:
...
L19: function getConfigPaths() {
L20: const home = homedir();
L21: const cwd = process2.cwd();
...
L69: const content = await readFile(file, "utf8");
L70: const json = JSON.parse(content);
L71: let mcpServers;
Low
Findings
4 Medium6 Low
MediumDynamic Requiredist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings