critical
suspicious.dynamic_code_execution
- Location
- dist/index.js:6024
- Finding
- Dynamic code execution detected.
- Evidence
return new Function(""), !0;
Ai4Scholar
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dynamic_code_execution, suspicious.env_credential_access, suspicious.obfuscated_code
Findings (3)
critical
suspicious.env_credential_access
- Location
- dist/index.js:24924
- Finding
- Environment variable access combined with network send.
- Evidence
process.env.HOME ?? "~",
warn
suspicious.obfuscated_code
- Location
- dist/index.js:6200
- Finding
- Potential obfuscated payload detected.
- Evidence
return Uint8Array.fromBase64 ? Uint8Array.fromBase64(str) : stringToBytes(atob(str));