File appears to expose a hardcoded API secret or token.
- Code
- suspicious.exposed_secret_literal
- Location
- payload/200.cjs:18446
- Evidence
apiKey: [REDACTED],
Security audit
Security checks across malware telemetry and agentic risk
This wallet bundle is purpose-aligned, but it should be reviewed carefully because it runs bundled Node MCP code, handles self-custodial wallet secrets and funds, persists wallet state locally, and static scanning flagged hardcoded secrets and obfuscated code.
Review this as a high-risk financial integration, not a simple informational skill. Only install it if you trust the publisher and understand that it can run local wallet code, persist wallet state, and handle seed/password material. Avoid using significant funds until the hardcoded-secret and obfuscation findings are explained or resolved, and require explicit confirmations for all transfers, swaps, signing, and approval/autonomy changes.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.exposed_secret_literal, suspicious.obfuscated_code
apiKey: [REDACTED],
password: [REDACTED]
password: [REDACTED]
const data = Buffer.from(src, 'base64');