Env credential access
Critical
- Finding
- Environment variable access combined with network send.
- Skill content
const v = process.env[envVar];
Memory (LanceDB, per-Agent)
Security checks across static analysis, malware telemetry, and agentic risk
Overview
No risk analysis has been recorded yet.
Static analysis
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
apiKey: [REDACTED],
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
const apiKey = [REDACTED]();
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
const apiKey = [REDACTED](options.remote?.apiKey, "remote.apiKey") ||
VirusTotal
60/60 vendors flagged this plugin as clean.
Risk analysis
No visible risk-analysis findings were reported for this release.