Static Scan Results
scanned 3d ago · by rust-scanner
Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · EnvironmentVars · Filesystem · NativeBindings · Network · Shell
HighEntropyStrings · UrlStrings
NoLicense
Source & flagged code
1 flagged · dist/video/audio-platform/native-lyria.js
L7: *
L8: * POST https://{REGION}-aiplatform.googleapis.com/v1/projects/{PROJECT}/
L9: * locations/{REGION}/publishers/google/models/{MODEL}:predict
L10: * Authorization: Bearer <token>
L11: * Body: { instances: [{ prompt: string }], parameters: { sampleCount: 1 } }
L12: * Response: { predictions: [{ bytesBase64Encoded: string (WAV), mimeType }] }
L13: *
...
L27: import { dirname } from 'node:path';
L28: import { execFile } from 'node:child_process';
L29: import { promisify } from 'node:util';
...
L86: try {
L87: const metaResp = await fetcher('http://metadata.google.[redacted]-accounts/default/token', { headers: { 'Metadata-Flavor': 'Google' } });
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/video/audio-platform/native-lyria.js · L7
Findings
1 High · 3 Medium · 6 Low
High · Cloud Metadata Access · dist/video/audio-platform/native-lyria.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · No License