Environment variable access combined with network send.
- Code
- suspicious.env_credential_access
- Location
- dist/index.cjs:153
- Evidence
var env = process.env;
Security audit
Security checks across malware telemetry and agentic risk
This messaging plugin is mostly consistent with an IM-channel integration, but it needs review because it appears to ship a hardcoded authorization value and its encryption/security posture is not as clear as its branding suggests.
Review carefully before installing, especially on production accounts. Ask the publisher to clarify and remove any hardcoded Authorization/accessToken values, use least-privilege app credentials, verify all service endpoints, and set encryptionMode to quantum_only if you require all messages to be encrypted.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal, suspicious.obfuscated_code
var env = process.env;
var env = process.env;
accessToken: [REDACTED],
const response = await http2.post(url, data, { headers: { Authorization: [REDACTED] } });accessToken: [REDACTED],
req.end(Buffer.from(jsonStringify(options, this.options.replacer), "utf8"));
req.end(Buffer.from(jsonStringify(options, this.options.replacer), "utf8"));