Back to plugin
Pluginv0.1.1
Static analysis security
Guild · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousMar 30, 2026, 10:39 PM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
- Reason codes
- suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
- Engine
- v2.2.0
Evidence
criticaldist/cli/guild.js:732
Shell command execution detected (child_process).
const statusJson = execSync("npx supabase status --output json 2>/dev/null", { encoding: "utf-8" });criticaldist/cli/guild.js:113
Environment variable access combined with network send.
|| process.env.SUPABASE_SERVICE_ROLE_KEY
warndist/cli/guild.js:299
File read combined with network send (possible exfiltration).
const raw = fs.readFileSync(configPath, "utf-8");
warndist/hooks/compaction-flush.js:16
File read combined with network send (possible exfiltration).
import { readFile } from "node:fs/promises";