critical
suspicious.env_credential_access
- Location
- scripts/_lib.mjs:6
- Finding
- Environment variable access combined with network send.
tmrland-business-demo
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal
Findings (11)
critical
suspicious.env_credential_access
- Location
- scripts/upload-file.mjs:6
- Finding
- Environment variable access combined with network send.
critical
suspicious.exposed_secret_literal
- Location
- references/api-keys-api.md:123
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- references/apparatus-api.md:365
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- references/businesses-api.md:23
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- references/contracts-api.md:93
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- references/error-codes.md:268
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- references/messages-api.md:23
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- references/notifications-api.md:27
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- references/user-api.md:23
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- references/wallet-api.md:25
- Finding
- File appears to expose a hardcoded API secret or token.