registry  /  zam-core  /  0.7.2

zam-core@0.7.2

The Symbiotic Learning Kernel: Elevating Human Intelligence through AI Collaboration.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 894 KB of source, external domains: api.github.com, bildungsserver.berlin-brandenburg.de, cuvo.nibis.de, dev.azure.com, fachportal.lernnetz.de, github.com, kultusministerium.hessen.de, lehrplaene.bildung-rp.de, lehrplannavigator.nrw.de, lisa.sachsen-anhalt.de, ollama.com, opencode.ai, rustup.rs, www.bildung-mv.de, www.bildungsplaene-bw.de, www.hamburg.de, www.lehrplanplus.bayern.de, www.lis.bremen.de, www.saarland.de, www.schulportal-thueringen.de, www.schulportal.sachsen.de

Source & flagged code

5 flagged · loading source
dist/index.jsView file
452}, L453: async exec(sql) { L454: await run([{ type: "sequence", sql }]);
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L452
4032} L4033: function generatePowerShellHooks(monitorFile, sessionId) { L4034: return `
High
Shell

Package source references shell execution.

dist/index.jsView on unpkg · L4032
120import { dirname, join } from "path"; L121: var DEFAULT_CREDENTIALS_PATH = join(homedir(), ".zam", "credentials.json"); L122: function loadCredentials(path) { ... L125: try { L126: return JSON.parse(readFileSync(p, "utf-8")); L127: } catch { ... L138: } L139: if (process.platform !== "win32" && (path === void 0 || createdDirectory)) { L140: chmodSync(dir, 448); ... L231: }; L232: const wiqlRes = await fetch(wiqlUrl, { L233: method: "POST",
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.jsView on unpkg · L120
120import { dirname, join } from "path"; L121: var DEFAULT_CREDENTIALS_PATH = join(homedir(), ".zam", "credentials.json"); L122: function loadCredentials(path) { ... L125: try { L126: return JSON.parse(readFileSync(p, "utf-8")); L127: } catch { ... L138: } L139: if (process.platform !== "win32" && (path === void 0 || createdDirectory)) { L140: chmodSync(dir, 448); ... L231: }; L232: const wiqlRes = await fetch(wiqlUrl, { L233: method: "POST",
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/index.jsView on unpkg · L120
dist/cli/index.jsView file
18877console.error( L18878: ` ${C3.cyan}winget install Rustlang.Rustup${C3.reset} (or https://rustup.rs)` L18879: ); ... L18883: if (process.platform !== "win32") return true; L18884: const pf86 = process.env["ProgramFiles(x86)"] || "C:\\Program Files (x86)"; L18885: const vswhere = join22( ... L18891: if (!existsSync23(vswhere)) return false; L18892: const res = spawnSync( L18893: vswhere,
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/cli/index.jsView on unpkg · L18877

Findings

4 High4 Medium6 Low
HighChild Processdist/index.js
HighShelldist/index.js
HighSame File Env Network Executiondist/cli/index.js
HighSandbox Evasion Gated Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/index.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings