Static Scan Results
scanned 2h ago · by rust-scanner
Static analysis flagged 18 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshot
Source & flagged code
9 flagged

Package source references child process execution.
tools/bundle-web-bundles.js · L15

Package source references dynamic require/import behavior.
tools/bundle-web-bundles.js · L13

A single source file combines environment access, network access, and code or shell execution; review context before blocking.
src/skills-lib/huashu-design/scripts/tts-doubao.mjs · L14

Package source invokes a package manager install command at runtime.
tools/installer/yaml-format.js · L145

Package ships non-JavaScript build or shell helper files.
tools/validate-svg-changes.sh

Package ships high-entropy non-source blobs.
build/site/pagefind/wasm.unknown.pagefind

Package ships compressed or archive-like blobs.
build/site/pagefind/wasm.unknown.pagefind

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
src/bmm-skills/3-solutioning/wizz-architecture/scripts/tests/test_lint_spine.py

Hardcoded password in src/skills-lib/graphify/SKILL.md
src/skills-lib/graphify/SKILL.md · L527