critical
suspicious.env_credential_access
- Location
- dist/index.js:412
- Finding
- Environment variable access combined with network send.
- Evidence
function assertEnvFlag(envKey, toolName, env = process.env) {
Proxmox
AdvisoryAudited by Static analysis on May 17, 2026.
Overview
Detected: suspicious.env_credential_access, suspicious.insecure_tls_verification
Findings (4)
critical
suspicious.env_credential_access
- Location
- dist/mcp-server.js:414
- Finding
- Environment variable access combined with network send.
- Evidence
function assertEnvFlag(envKey, toolName, env = process.env) {
warn
suspicious.insecure_tls_verification
- Location
- dist/index.js:54
- Finding
- HTTPS certificate verification is disabled.
- Evidence
this.dispatcher = new UndiciAgent({ connect: { rejectUnauthorized: false } });
warn
suspicious.insecure_tls_verification
- Location
- dist/mcp-server.js:56
- Finding
- HTTPS certificate verification is disabled.
- Evidence
this.dispatcher = new UndiciAgent({ connect: { rejectUnauthorized: false } });