Static Scan Results
scanned 9d ago · by rust-scannerStatic analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
4 flagged · loading sourcesrc/tools/index.jsView file
2const path = require('path');
L3: const { spawn, execSync } = require('child_process');
L4:
High
2const path = require('path');
L3: const { spawn, execSync } = require('child_process');
L4:
...
L28: buildCloneUrl,
L29: getApiBaseUrl,
L30: listGitSecrets,
...
L245: function printTools(lang) {
L246: console.log(t(lang, 'Herramientas disponibles:', 'Available tools:'));
L247: for (const tool of TOOL_DEFINITIONS) {
High
Remote Agent Bridge
Source exposes local file and command tools to a remote model endpoint.
src/tools/index.jsView on unpkg · L2zyn.jsView file
1#!/usr/bin/env node
L2: const { main } = require('./src/cli/runtime');
L3: main().catch(err => {
Medium
src/providers/deepseek/sha3_wasm_bg.wasmView file
•path = src/providers/deepseek/sha3_wasm_bg.wasm
kind = wasm_module
sizeBytes = 26612
magicHex = [redacted]
Medium
Ships Wasm Module
Package ships WebAssembly modules.
src/providers/deepseek/sha3_wasm_bg.wasmView on unpkgFindings
3 High5 Medium4 Low
HighChild Processsrc/tools/index.js
HighShell
HighRemote Agent Bridgesrc/tools/index.js
MediumDynamic Requirezyn.js
MediumNetwork
MediumEnvironment Vars
MediumShips Wasm Modulesrc/providers/deepseek/sha3_wasm_bg.wasm
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings