Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- lib/runtime.js:145
- Evidence
|| process.env.MAUTIC_ALLOW_MAINTENANCE_COMMANDS !== undefined
Security audit
Security checks across malware telemetry and agentic risk
The package is a coherent Mautic administration plugin with powerful but disclosed, purpose-aligned controls and no evidence of hidden persistence, exfiltration, or deceptive behavior.
Install this only for agents you trust to help administer a Mautic instance. Use least-privilege Mautic credentials, keep workspace and console options disabled unless needed, keep the console bridge private, and review any proposed create, update, delete, migration, or automation job before allowing it.
61/61 vendors flagged this plugin as clean.
Detected: suspicious.env_credential_access
|| process.env.MAUTIC_ALLOW_MAINTENANCE_COMMANDS !== undefined