critical
suspicious.dangerous_exec
- Location
- dist/cli.js:3523
- Finding
- Shell command execution detected (child_process).
- Evidence
nextDb.exec("PRAGMA journal_mode=WAL;");
mnemospark
AdvisoryAudited by Static analysis on May 16, 2026.
Overview
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal
Findings (7)
critical
suspicious.dangerous_exec
- Location
- dist/index.js:3568
- Finding
- Shell command execution detected (child_process).
- Evidence
nextDb.exec("PRAGMA journal_mode=WAL;");
critical
suspicious.dangerous_exec
- Location
- prepare.mjs:14
- Finding
- Shell command execution detected (child_process).
- Evidence
const syncResult = spawnSync(process.execPath, [syncScript], {
critical
suspicious.env_credential_access
- Location
- dist/cli.js:151
- Finding
- Environment variable access combined with network send.
- Evidence
const envPort = process.env.MNEMOSPARK_PROXY_PORT;
critical
suspicious.env_credential_access
- Location
- dist/index.js:196
- Finding
- Environment variable access combined with network send.
- Evidence
const envPort = process.env.MNEMOSPARK_PROXY_PORT;
critical
suspicious.exposed_secret_literal
- Location
- dist/cli.js:270
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
privateKey: [REDACTED],
critical
suspicious.exposed_secret_literal
- Location
- dist/index.js:315
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
privateKey: [REDACTED],