Back to plugin
Pluginv0.2.4
Static analysis security
Plugin · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousMar 25, 2026, 5:31 AM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
- Reason codes
- suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.potential_exfiltration
- Engine
- v2.2.0
Evidence
criticaldist/index.mjs:10
Shell command execution detected (child_process).
`)}var tn=J(()=>{A();L();$e();We()});L();import{existsSync as Is}from"node:fs";import{resolve as Cs}from"node:path";import{checkLicense as Ds}from"./lib/license...criticaldist/index.mjs:2
Environment variable access combined with network send.
var sn=Object.defineProperty;var J=(n,e)=>()=>(n&&(e=n(n=0)),e);var Oe=(n,e)=>{for(var t in e)sn(n,t,{get:e[t],enumerable:!0})};import{execSync as on}from"node:...warndist/index.mjs:2
File read combined with network send (possible exfiltration).
var sn=Object.defineProperty;var J=(n,e)=>()=>(n&&(e=n(n=0)),e);var Oe=(n,e)=>{for(var t in e)sn(n,t,{get:e[t],enumerable:!0})};import{execSync as on}from"node:...