
zam-core@0.6.1

The Symbiotic Learning Kernel: Elevating Human Intelligence through AI Collaboration.

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: Child Process, Crypto, Environment Vars, Filesystem, Network, Shell
Supply chain: High Entropy Strings, Obfuscated, Url Strings
Manifest: No manifest risk signals triggered.
scanned 2 file(s), 704 KB of source, external domains: api.deepseek.com, api.github.com, dev.azure.com, github.com, ollama.com, opencode.ai, rustup.rs

Source & flagged code

5 flagged
dist/index.js
L452: },
L453: async exec(sql) {
L454: await run([{ type: "sequence", sql }]);
High
Child Process

Package source references child process execution.

dist/index.js · L452
L3718: }
L3719: function generatePowerShellHooks(monitorFile, sessionId) {
L3720: return `
High
Shell

Package source references shell execution.

dist/index.js · L3718
L120: import { dirname, join } from "path";
L121: var DEFAULT_CREDENTIALS_PATH = join(homedir(), ".zam", "credentials.json");
L122: function loadCredentials(path) {
...
L125: try {
L126: return JSON.parse(readFileSync(p, "utf-8"));
L127: } catch {
...
L138: }
L139: if (process.platform !== "win32" && (path === void 0 || createdDirectory)) {
L140: chmodSync(dir, 448);
...
L231: };
L232: const wiqlRes = await fetch(wiqlUrl, {
L233: method: "POST",
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.js · L120
L120: import { dirname, join } from "path";
L121: var DEFAULT_CREDENTIALS_PATH = join(homedir(), ".zam", "credentials.json");
L122: function loadCredentials(path) {
...
L125: try {
L126: return JSON.parse(readFileSync(p, "utf-8"));
L127: } catch {
...
L138: }
L139: if (process.platform !== "win32" && (path === void 0 || createdDirectory)) {
L140: chmodSync(dir, 448);
...
L231: };
L232: const wiqlRes = await fetch(wiqlUrl, {
L233: method: "POST",
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/index.js · L120
dist/cli/index.js
L14079: console.error(
L14080: ` ${C3.cyan}winget install Rustlang.Rustup${C3.reset} (or https://rustup.rs)`
L14081: );
...
L14085: if (process.platform !== "win32") return true;
L14086: const pf86 = process.env["ProgramFiles(x86)"] || "C:\\Program Files (x86)";
L14087: const vswhere = join22(
...
L14093: if (!existsSync23(vswhere)) return false;
L14094: const res = spawnSync(
L14095: vswhere,
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/cli/index.js · L14079

Findings

4 High, 4 Medium, 6 Low
High: Child Process (dist/index.js)
High: Shell (dist/index.js)
High: Same File Env Network Execution (dist/cli/index.js)
High: Sandbox Evasion Gated Capability (dist/index.js)
Medium: Network
Medium: Environment Vars
Medium: Install Persistence (dist/index.js)
Medium: Structural Risk Force Deep Review
Low: Non Install Lifecycle Scripts
Low: Scripts Present
Low: Filesystem
Low: Obfuscated
Low: High Entropy Strings
Low: Url Strings