zam-core@0.8.0

The Symbiotic Learning Kernel: Elevating Human Intelligence through AI Collaboration.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, Obfuscated, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 2 file(s), 937 KB of source, external domains: api.github.com, bildungsserver.berlin-brandenburg.de, cuvo.nibis.de, dev.azure.com, fachportal.lernnetz.de, github.com, kultusministerium.hessen.de, lehrplaene.bildung-rp.de, lehrplannavigator.nrw.de, lisa.sachsen-anhalt.de, ollama.com, opencode.ai, rustup.rs, www.bildung-mv.de, www.bildungsplaene-bw.de, www.hamburg.de, www.lehrplanplus.bayern.de, www.lis.bremen.de, www.saarland.de, www.schulportal-thueringen.de, www.schulportal.sachsen.de

Source & flagged code

5 flagged
dist/index.js
    452: },
    453: async exec(sql) {
    454: await run([{ type: "sequence", sql }]);
High
Child Process

Package source references child process execution.

dist/index.js · L452
    4189: }
    4190: function generatePowerShellHooks(monitorFile, sessionId) {
    4191: return `
High
Shell

Package source references shell execution.

dist/index.js · L4189
    120: import { dirname, join } from "path";
    121: var DEFAULT_CREDENTIALS_PATH = join(homedir(), ".zam", "credentials.json");
    122: function loadCredentials(path) {
    ...
    125: try {
    126: return JSON.parse(readFileSync(p, "utf-8"));
    127: } catch {
    ...
    138: }
    139: if (process.platform !== "win32" && (path === void 0 || createdDirectory)) {
    140: chmodSync(dir, 448);
    ...
    231: };
    232: const wiqlRes = await fetch(wiqlUrl, {
    233: method: "POST",
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.js · L120
    120: import { dirname, join } from "path";
    121: var DEFAULT_CREDENTIALS_PATH = join(homedir(), ".zam", "credentials.json");
    122: function loadCredentials(path) {
    ...
    125: try {
    126: return JSON.parse(readFileSync(p, "utf-8"));
    127: } catch {
    ...
    138: }
    139: if (process.platform !== "win32" && (path === void 0 || createdDirectory)) {
    140: chmodSync(dir, 448);
    ...
    231: };
    232: const wiqlRes = await fetch(wiqlUrl, {
    233: method: "POST",
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/index.js · L120
dist/cli/index.js
    19934: console.error(
    19935: ` ${C3.cyan}winget install Rustlang.Rustup${C3.reset} (or https://rustup.rs)`
    19936: );
    ...
    19940: if (process.platform !== "win32") return true;
    19941: const pf86 = process.env["ProgramFiles(x86)"] || "C:\\Program Files (x86)";
    19942: const vswhere = join22(
    ...
    19948: if (!existsSync23(vswhere)) return false;
    19949: const res = spawnSync(
    19950: vswhere,
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/cli/index.js · L19934

Findings

4 High · 4 Medium · 6 Low

High · Child Process · dist/index.js
High · Shell · dist/index.js
High · Same File Env Network Execution · dist/cli/index.js
High · Sandbox Evasion Gated Capability · dist/index.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · dist/index.js
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Url Strings