zam-core@0.6.2

The Symbiotic Learning Kernel: Elevating Human Intelligence through AI Collaboration.

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, Obfuscated, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 2 file(s), 734 KB of source, external domains: api.deepseek.com, api.github.com, dev.azure.com, github.com, ollama.com, opencode.ai, rustup.rs, www.lehrplanplus.bayern.de

Source & flagged code

5 flagged

dist/index.js

L452: },
L453: async exec(sql) {
L454: await run([{ type: "sequence", sql }]);
High
Child Process

Package source references child process execution.

dist/index.js · L452

L3795: }
L3796: function generatePowerShellHooks(monitorFile, sessionId) {
L3797: return `
High
Shell

Package source references shell execution.

dist/index.js · L3795

L120: import { dirname, join } from "path";
L121: var DEFAULT_CREDENTIALS_PATH = join(homedir(), ".zam", "credentials.json");
L122: function loadCredentials(path) {
...
L125: try {
L126: return JSON.parse(readFileSync(p, "utf-8"));
L127: } catch {
...
L138: }
L139: if (process.platform !== "win32" && (path === void 0 || createdDirectory)) {
L140: chmodSync(dir, 448);
...
L231: };
L232: const wiqlRes = await fetch(wiqlUrl, {
L233: method: "POST",
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.js · L120

L120: import { dirname, join } from "path";
L121: var DEFAULT_CREDENTIALS_PATH = join(homedir(), ".zam", "credentials.json");
L122: function loadCredentials(path) {
...
L125: try {
L126: return JSON.parse(readFileSync(p, "utf-8"));
L127: } catch {
...
L138: }
L139: if (process.platform !== "win32" && (path === void 0 || createdDirectory)) {
L140: chmodSync(dir, 448);
...
L231: };
L232: const wiqlRes = await fetch(wiqlUrl, {
L233: method: "POST",
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/index.js · L120

dist/cli/index.js

L14879: console.error(
L14880: ` ${C3.cyan}winget install Rustlang.Rustup${C3.reset} (or https://rustup.rs)`
L14881: );
...
L14885: if (process.platform !== "win32") return true;
L14886: const pf86 = process.env["ProgramFiles(x86)"] || "C:\\Program Files (x86)";
L14887: const vswhere = join22(
...
L14893: if (!existsSync23(vswhere)) return false;
L14894: const res = spawnSync(
L14895: vswhere,
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/cli/index.js · L14879

Findings

4 High · 4 Medium · 6 Low

High · Child Process · dist/index.js
High · Shell · dist/index.js
High · Same File Env Network Execution · dist/cli/index.js
High · Sandbox Evasion Gated Capability · dist/index.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · dist/index.js
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Url Strings