Octo

Security checks across static analysis, malware telemetry, and agentic risk

Overview

No risk analysis has been recorded yet.

Static analysis

Dynamic code execution

Critical

Finding: Dynamic code execution detected.
Skill content: const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode);

Dynamic code execution

Critical

Finding: Dynamic code execution detected.
Skill content: const makeParse = new Function(`${names_1.default.scope}`, sourceCode);

Dynamic code execution

Critical

Finding: Dynamic code execution detected.
Skill content: const makeSerialize = new Function(`${names_1.default.scope}`, sourceCode);

Dynamic code execution

Critical

Finding: Dynamic code execution detected.
Skill content: const makeValidate = new Function(`${N.self}`, `${N.scope}`, sourceCode)

Dynamic code execution

Critical

Finding: Dynamic code execution detected.
Skill content: const makeParse = new Function(`${N.scope}`, sourceCode)

Dynamic code execution

Critical

Finding: Dynamic code execution detected.
Skill content: const makeSerialize = new Function(`${N.scope}`, sourceCode)

Dynamic code execution

Critical

Finding: Dynamic code execution detected.
Skill content: var makeValidate = new Function(

Dynamic code execution

Critical

Finding: Dynamic code execution detected.
Skill content: (e=>{"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):("undefined"!=typeof window?wind...

Dynamic code execution

Critical

Finding: Dynamic code execution detected.
Skill content: var makeValidate = new Function(

Env credential access

Critical

Finding: Environment variable access combined with network send.
Skill content: const {GH_TOKEN_PUBLIC} = process.env

Exposed secret literal

Critical

Finding: File appears to expose a hardcoded API secret or token.
Skill content: SecretKey: [REDACTED],

Exposed secret literal

Critical

Finding: File appears to expose a hardcoded API secret or token.
Skill content: Authorization: '[REDACTED] Credential=ABCDEF/20121226/us-east-1/sqs/aws4_request, ...'

Exposed secret literal

Critical

Finding: File appears to expose a hardcoded API secret or token.
Skill content: const password = [REDACTED](__classPrivateFieldGet(this, _encryptionKey), initializationVector.toString(), 10000, 32, 'sha512');

Exposed secret literal

Critical

Finding: File appears to expose a hardcoded API secret or token.
Skill content: SecretKey: [REDACTED] || this.options.SecretKey || '',

Exposed secret literal

Critical

Finding: File appears to expose a hardcoded API secret or token.
Skill content: if ([REDACTED] && !this.options.SecretKey) this.options.SecretKey = [REDACTED];

Exposed secret literal

Critical

Finding: File appears to expose a hardcoded API secret or token.
Skill content: var consumer_secret_or_private_key = [REDACTED] || oa.oauth_private_key // eslint-disable-line camelcase

Exposed secret literal

Critical

Finding: File appears to expose a hardcoded API secret or token.
Skill content: SecretKey: [REDACTED],

Prompt injection instructions

Warn

Finding: Prompt-injection style instruction pattern detected.
Skill content: - "Ignore previous instructions and..."

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Risk analysis

No visible risk-analysis findings were reported for this release.