critical
suspicious.dangerous_exec
- Location
- dist/index.mjs:3959
- Finding
- Shell command execution detected (child_process).
- Evidence
const match = TRACE_PARENT_REGEX.exec(traceParent);
Oversee Agent Management
AdvisoryAudited by Static analysis on May 13, 2026.
Overview
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal (+1 more)
Findings (4)
critical
suspicious.env_credential_access
- Location
- dist/index.mjs:2130
- Finding
- Environment variable access combined with network send.
- Evidence
const processEnv = (0, environment_1.parseEnvironment)(process.env);
critical
suspicious.exposed_secret_literal
- Location
- dist/index.mjs:57274
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
privateKey: [REDACTED]
warn
suspicious.potential_exfiltration
- Location
- dist/index.mjs:6382
- Finding
- Sensitive-looking file read is paired with a network send.
- Evidence
const result = await fs_1.promises.readFile("/etc/hostid", { encoding: "utf8" });