critical
suspicious.dangerous_exec
- Location
- scripts/flow-webapi/utils/load-browser-cookies.ts:152
- Finding
- Shell command execution detected (child_process).
Auto Free Banana
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal
Findings (7)
critical
suspicious.dangerous_exec
- Location
- scripts/flow-webapi/utils/paths.ts:36
- Finding
- Shell command execution detected (child_process).
critical
suspicious.env_credential_access
- Location
- scripts/flow-webapi/utils/http.ts:41
- Finding
- Environment variable access combined with network send.
critical
suspicious.env_credential_access
- Location
- scripts/flow-webapi/utils/load-browser-cookies.ts:97
- Finding
- Environment variable access combined with network send.
critical
suspicious.exposed_secret_literal
- Location
- scripts/flow-webapi/client.ts:55
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- scripts/flow-webapi/utils/get-auth-token.ts:74
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- scripts/flow-webapi/utils/load-browser-cookies.ts:388
- Finding
- File appears to expose a hardcoded API secret or token.