Back to plugin
Pluginv0.1.1
Static analysis security
Code Search · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 28, 2026, 9:51 PM
- Summary
- Detected: suspicious.env_credential_access
- Reason codes
- suspicious.env_credential_access
- Engine
- v2.4.2
Evidence
criticaldist/index.cjs:109
Environment variable access combined with network send.
function getConfig(env = process.env) {criticaldist/index.js:86
Environment variable access combined with network send.
function getConfig(env = process.env) {criticalindex.mjs:4
Environment variable access combined with network send.
const url = normalizeUrl(String(pluginConfig.url || process.env.CODE_SEARCH_API_URL || DEFAULT_URL));