Plugin v1.5.11

Static analysis security

CLISHOP · Deterministic local checks for risky code patterns and metadata mismatches.

Scanner verdict

Suspicious · Apr 6, 2026, 12:17 PM
Summary
Detected: suspicious.dynamic_code_execution, suspicious.env_credential_access, suspicious.potential_exfiltration
Reason codes
suspicious.dynamic_code_execution, suspicious.env_credential_access, suspicious.potential_exfiltration
Engine
v2.2.0

Evidence

critical · dist/mcp.cjs:2947
Dynamic code execution detected.
const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode);
critical · dist/mcp.cjs:17152
Environment variable access combined with network send.
return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || "";
warn · dist/mcp.cjs:18872
File read combined with network send (possible exfiltration).
readFile: retryify_async_default((0, import_node_util.promisify)(import_node_fs.default.readFile), RETRYIFY_OPTIONS),