Back to plugin
Pluginv0.1.5
Static analysis security
ClawXMemory · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 3, 2026, 8:48 AM
- Summary
- Detected: suspicious.env_credential_access
- Reason codes
- suspicious.env_credential_access
- Engine
- v2.2.0
Evidence
criticaldist/core/skills/llm-extraction.js:1527
Environment variable access combined with network send.
if (looksLikeEnvVarName(configured) && typeof process.env[configured] === "string" && process.env[configured]?.trim()) {criticalsrc/core/skills/llm-extraction.ts:2013
Environment variable access combined with network send.
if (looksLikeEnvVarName(configured) && typeof process.env[configured] === "string" && process.env[configured]?.trim()) {