Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- dist/index.js:10
- Evidence
function loadOwnNumbers(env = process.env) {
Security audit
Security checks across malware telemetry and agentic risk
This plugin coherently implements a disclosed outbound-message audit gate and does not show artifact-backed exfiltration or destructive behavior.
Install only if you want this plugin to intercept configured messaging channels, store message/draft content in a local ledger, and route held drafts into a reviewer agent session. Configure SWITCHBOARD_OWN_NUMBERS, SWITCHBOARD_STORE, and the audit session deliberately, and leave debug logging unset unless you are comfortable writing message snippets to disk.
57/57 vendors flagged this plugin as clean.
Detected: suspicious.env_credential_access
function loadOwnNumbers(env = process.env) {const MAIN_SESSION = process.env.SWITCHBOARD_AUDIT_SESSION ?? "agent:main:main";