Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
EnvironmentVarsFilesystemNetworkWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/src/connection.jsView file
36const read_pkg_up_1 = __importDefault(require("read-pkg-up"));
L37: const { packageJson } = read_pkg_up_1.default.sync({ cwd: __dirname }) || {};
L38: const API_URL = process.env["WHEROBOTS_API_URL"] || "https://api.cloud.wherobots.com";
L39: const PROTOCOL_VERSION = "1.0.0";
L40: const OS_TYPE = `${process.platform};${process.arch}`;
L41: const NODE_VERSION = process.version;
...
L95: // the body below when undefined (JSON.stringify omits undefined values).
L96: const sessionParams = new URLSearchParams();
L97: if (this.options.region) {
...
L264: if (typeof e.data === "string") {
L265: toParse = JSON.parse(e.data);
L266: }
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/src/connection.jsView on unpkg · L36Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/src/connection.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings