Static Scan Results
scanned 3h ago · by rust-scannerStatic analysis flagged 4 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessFilesystemNetwork
UrlStrings
Source & flagged code
1 flagged · loading sourcebin/install.jsView file
5const readline = require("readline");
L6: const { spawn } = require("child_process");
L7:
L8: const MCP_ORIGIN = "https://mcp.spacesheep.dev";
L9: const SKILL_FILE = "sheep.md";
L10: const SKILL_CONTENT = fs.readFileSync(
L11: path.join(__dirname, "..", "skills", SKILL_FILE),
L12: "utf-8"
...
L69: if (fs.existsSync(mcpPath)) {
L70: try { existing = JSON.parse(fs.readFileSync(mcpPath, "utf-8")); } catch {}
L71: }
...
L81: function openBrowser(url) {
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/install.jsView on unpkg · L5Findings
1 High1 Medium2 Low
HighSandbox Evasion Gated Capabilitybin/install.js
MediumNetwork
LowFilesystem
LowUrl Strings