Codex

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Findings (6)

critical

suspicious.dangerous_exec

Location: dist/client-BGbqC7jk.js:69
Finding: Shell command execution detected (child_process).
Evidence: return spawn(invocation.command, invocation.args, {

critical

suspicious.exposed_secret_literal

Location: dist/config-ByrA30No.js:77
Finding: File appears to expose a hardcoded API secret or token.
Evidence: const authToken = [REDACTED](config.authToken);

critical

suspicious.exposed_secret_literal

Location: dist/provider-catalog.js:73
Finding: File appears to expose a hardcoded API secret or token.
Evidence: apiKey: [REDACTED],

critical

suspicious.exposed_secret_literal

Location: dist/provider-discovery.js:27
Finding: File appears to expose a hardcoded API secret or token.
Evidence: apiKey: [REDACTED],

critical

suspicious.exposed_secret_literal

Location: dist/provider.js:56
Finding: File appears to expose a hardcoded API secret or token.
Evidence: apiKey: [REDACTED],

critical

suspicious.exposed_secret_literal

Location: dist/shared-client-Dfk3Enm-.js:106
Finding: File appears to expose a hardcoded API secret or token.
Evidence: accessToken: [REDACTED],