critical
suspicious.dangerous_exec
- Location
- scripts/todolist_drive_folder_agent.mjs:208
- Finding
- Shell command execution detected (child_process).
Todolist Md Clawdbot Copy
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal (+1 more)
Findings (7)
critical
suspicious.env_credential_access
- Location
- scripts/todolist_agent_entrypoint.mjs:192
- Finding
- Environment variable access combined with network send.
critical
suspicious.env_credential_access
- Location
- scripts/todolist_drive_folder_agent.mjs:179
- Finding
- Environment variable access combined with network send.
critical
suspicious.exposed_secret_literal
- Location
- scripts/todolist_agent_entrypoint.mjs:198
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- scripts/todolist_drive_folder_agent.mjs:315
- Finding
- File appears to expose a hardcoded API secret or token.
warn
suspicious.potential_exfiltration
- Location
- scripts/todolist_agent_entrypoint.mjs:157
- Finding
- Sensitive-looking file read is paired with a network send.
warn
suspicious.potential_exfiltration
- Location
- scripts/todolist_drive_folder_agent.mjs:100
- Finding
- Sensitive-looking file read is paired with a network send.