critical
suspicious.env_credential_access
- Location
- scripts/lib/vendor/bird-search/lib/twitter-client-base.js:38
- Finding
- Environment variable access combined with network send.
Last30days Skill
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal
Findings (4)
critical
suspicious.exposed_secret_literal
- Location
- scripts/lib/vendor/bird-search/bird-search.mjs:96
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- scripts/lib/vendor/bird-search/lib/cookies.js:134
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- scripts/lib/vendor/bird-search/lib/twitter-client-base.js:19
- Finding
- File appears to expose a hardcoded API secret or token.