Back to plugin
Pluginv2026.3.22
Static analysis security
Matrix · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousMar 23, 2026, 10:59 PM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
- Reason codes
- suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
- Engine
- v2.2.0
Evidence
criticalsrc/matrix/deps.ts:71
Shell command execution detected (child_process).
const proc = spawn(command, args, {criticalsrc/matrix/client/config.ts:105
Environment variable access combined with network send.
env: NodeJS.ProcessEnv = process.env,
warnsrc/matrix/sdk.test.ts:1432
File read combined with network send (possible exfiltration).
const persisted = JSON.parse(fs.readFileSync(recoveryKeyPath, "utf8")) as {