Pluginv0.3.79

Static analysis security

liangzimixin · Deterministic local checks for risky code patterns and metadata mismatches.

SuspiciousApr 12, 2026, 6:05 AM

Summary: Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
Reason codes: suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
Engine: v2.2.0

criticalquantum-sdk/index.cjs:571

Shell command execution detected (child_process).

return splitPathRe.exec(filename).slice(1);

criticalindex.cjs:114

Environment variable access combined with network send.

if (!process.env.WS_NO_BUFFER_UTIL) {

criticalsetup-entry.cjs:114

Environment variable access combined with network send.

if (!process.env.WS_NO_BUFFER_UTIL) {

warnindex.cjs:18130

File read combined with network send (possible exfiltration).

const { readFile: readFile3 } = await import("fs/promises");

warnquantum-sdk/index.cjs:80

File read combined with network send (possible exfiltration).

var ret = fs5.readFileSync(filename);

warnsetup-entry.cjs:4201

File read combined with network send (possible exfiltration).

const { readFile: readFile3 } = await import("fs/promises");