Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- index.ts:167
- Evidence
svmPrivateKey: raw.svmPrivateKey || process.env.SVM_PRIVATE_KEY,
Security audit
Security checks across malware telemetry and agentic risk
OpenDexter is coherent for paid API access, but it can use wallet private keys to automatically spend USDC on agent-selected API calls.
Install only if you are comfortable letting the agent make wallet-funded API calls. Use a dedicated low-balance wallet, keep the per-call limit low, verify the facilitator and marketplace URLs, and require manual approval before any paid call.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.env_credential_access
svmPrivateKey: raw.svmPrivateKey || process.env.SVM_PRIVATE_KEY,