critical
suspicious.dangerous_exec
- Location
- bitget-cli.js:89
- Finding
- Shell command execution detected (child_process).
Bitget Data
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal (+1 more)
Findings (31)
critical
suspicious.dangerous_exec
- Location
- quick-start.js:112
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- setup-cron.js:28
- Finding
- Shell command execution detected (child_process).
critical
suspicious.env_credential_access
- Location
- cancel-all-orders.js:10
- Finding
- Environment variable access combined with network send.
critical
suspicious.env_credential_access
- Location
- check-balance.js:10
- Finding
- Environment variable access combined with network send.
critical
suspicious.env_credential_access
- Location
- start-avax-matic.js:10
- Finding
- Environment variable access combined with network send.
critical
suspicious.env_credential_access
- Location
- start-btc-grid.js:10
- Finding
- Environment variable access combined with network send.
critical
suspicious.env_credential_access
- Location
- start-eth-xrp.js:10
- Finding
- Environment variable access combined with network send.
critical
suspicious.env_credential_access
- Location
- start-eth.js:9
- Finding
- Environment variable access combined with network send.
critical
suspicious.env_credential_access
- Location
- start-grids.js:11
- Finding
- Environment variable access combined with network send.
critical
suspicious.env_credential_access
- Location
- start-simple.js:11
- Finding
- Environment variable access combined with network send.
critical
suspicious.env_credential_access
- Location
- start-sol.js:10
- Finding
- Environment variable access combined with network send.
critical
suspicious.env_credential_access
- Location
- test-api-debug.js:10
- Finding
- Environment variable access combined with network send.
critical
suspicious.exposed_secret_literal
- Location
- analyze-coins.js:14
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- apply-scheme-a-final.js:16
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- cancel-all-btc.js:14
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- cancel-all.js:14
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- check-prices.js:14
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- debug-orders.js:14
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- optimize-strategy.js:14
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- rebalance.js:14
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- stop-btc-grid.js:14
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- test-eth-grid.js:14
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- use-sdk.js:17
- Finding
- File appears to expose a hardcoded API secret or token.
warn
suspicious.insecure_tls_verification
- Location
- analyze-strategy.js:66
- Finding
- HTTPS certificate verification is disabled.
warn
suspicious.insecure_tls_verification
- Location
- cancel-all-orders.js:73
- Finding
- HTTPS certificate verification is disabled.
warn
suspicious.insecure_tls_verification
- Location
- check-balance.js:65
- Finding
- HTTPS certificate verification is disabled.
warn
suspicious.insecure_tls_verification
- Location
- optimize-grids.js:73
- Finding
- HTTPS certificate verification is disabled.
warn
suspicious.insecure_tls_verification
- Location
- start-eth-xrp.js:71
- Finding
- HTTPS certificate verification is disabled.
warn
suspicious.insecure_tls_verification
- Location
- start-grids.js:78
- Finding
- HTTPS certificate verification is disabled.
warn
suspicious.insecure_tls_verification
- Location
- test-grid-api.js:65
- Finding
- HTTPS certificate verification is disabled.