Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 35 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
28 flagged · loading sourcePackage contains a critical-looking secret pattern.
v3/@swarmdo/guidance/dist/manifest-validator.jsView on unpkg · L702RSA private key in v3/@swarmdo/guidance/dist/manifest-validator.js
v3/@swarmdo/guidance/dist/manifest-validator.jsView on unpkg · L702Package source references child process execution.
v3/@swarmdo/swarm/dist/coordination/agent-registry.jsView on unpkg · L51Package source references shell execution.
v3/@swarmdo/security/dist/safe-executor.jsView on unpkg · L85Hardcoded password in v3/@swarmdo/guidance/dist/analyzer.js
v3/@swarmdo/guidance/dist/analyzer.jsView on unpkg · L1344Hardcoded password in v3/@swarmdo/guidance/dist/analyzer.js
v3/@swarmdo/guidance/dist/analyzer.jsView on unpkg · L2127Package source references a known benign dynamic code generation pattern.
v3/@swarmdo/guidance/dist/analyzer.jsView on unpkg · L2103Package source references dynamic require/import behavior.
bin/cli.jsView on unpkg · L10Source writes installer persistence such as shell profile or service configuration.
v3/@swarmdo/cli/dist/src/init/statusline-generator.jsView on unpkg · L18A single source file combines environment access, network access, and code or shell execution; review context before blocking.
v3/@swarmdo/cli/dist/src/benchmarks/gaia-tools/grounded_query.js#virtual:normalized:round1View on unpkg · L49Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
v3/vendor/swarmvector/bin/cli.jsView on unpkg · L3Package source invokes a package manager install command at runtime.
v3/@swarmdo/codex/dist/initializer.jsView on unpkg · L300Package ships native binary artifacts.
v3/@swarmvector/attention/platforms/darwin-arm64/swarmvector-attention.nodeView on unpkgPackage ships WebAssembly modules.
v3/@swarmvector/swarmllm-wasm/swarmllm_wasm_bg.wasmView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.claude/statusline-command.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.claude/statusline-command.shView on unpkgHardcoded password in .claude/agents/core/reviewer.md
.claude/agents/core/reviewer.mdView on unpkg · L67Hardcoded password in .claude/agents/sparc/refinement.md
.claude/agents/sparc/refinement.mdView on unpkg · L41Hardcoded password in .claude/agents/sparc/refinement.md
.claude/agents/sparc/refinement.mdView on unpkg · L69Hardcoded password in .claude/agents/sparc/refinement.md
.claude/agents/sparc/refinement.mdView on unpkg · L245Hardcoded password in v3/@swarmdo/plugins/dist/integrations/swarmvector/swarmvector-bridge.js
v3/@swarmdo/plugins/dist/integrations/swarmvector/swarmvector-bridge.jsView on unpkg · L809Hardcoded password in v3/@swarmdo/plugins/dist/integrations/swarmvector/swarmvector-bridge.js
v3/@swarmdo/plugins/dist/integrations/swarmvector/swarmvector-bridge.jsView on unpkg · L1662Hardcoded password in v3/@swarmdo/plugins/dist/integrations/swarmvector/swarmvector-bridge.d.ts
v3/@swarmdo/plugins/dist/integrations/swarmvector/swarmvector-bridge.d.tsView on unpkg · L58Hardcoded password in v3/@swarmdo/plugins/dist/integrations/swarmvector/swarmvector-bridge.d.ts
v3/@swarmdo/plugins/dist/integrations/swarmvector/swarmvector-bridge.d.tsView on unpkg · L194Hardcoded password in v3/@swarmdo/aidefence/README.md
v3/@swarmdo/aidefence/README.mdView on unpkg · L337Hardcoded password in v3/@swarmdo/cli/.claude/agents/sparc/refinement.md
v3/@swarmdo/cli/.claude/agents/sparc/refinement.mdView on unpkg · L339Hardcoded password in v3/@swarmdo/cli/.claude/agents/sparc/refinement.md
v3/@swarmdo/cli/.claude/agents/sparc/refinement.mdView on unpkg · L367Hardcoded password in v3/@swarmdo/cli/.claude/agents/sparc/refinement.md
v3/@swarmdo/cli/.claude/agents/sparc/refinement.mdView on unpkg · L543