Static Scan Results
scanned 8d ago · by rust-scannerStatic analysis completed at 65.0% confidence. No malicious behavior was detected; 8 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStrings
Source & flagged code
3 flagged · loading sourcedist/worker.jsView file
1import { execFile } from "node:child_process";
L2: import { remoteConfig, withRemote } from "./remote.js";
High
8...(opts.timeoutMs ? { timeout: opts.timeoutMs, killSignal: "SIGKILL" } : {}),
L9: // cmd.exe needs verbatim args or Node's quoting breaks `/c <template>`.
L10: windowsVerbatimArguments: cmd === "cmd",
High
dist/index.jsView file
1916server.on("close", () => service.store.close());
L1917: log(`Tower listening on http://${host}:${port}/mcp${token ? " (token required)" : ""}`);
L1918: log(`Live board: http://${host}:${port}/board`);
...
L1927: }
L1928: function gitDefaults(cwd, env = process.env) {
L1929: const git = (cmd) => {
L1930: try {
L1931: return execSync(cmd, { cwd, stdio: ["ignore", "pipe", "ignore"] }).toString().trim();
L1932: } catch {
High
Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L1916Findings
3 High2 Medium3 Low
HighChild Processdist/worker.js
HighShelldist/worker.js
HighSame File Env Network Executiondist/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings