Plugin v2026.5.1
Static analysis security
Codex SDK Runtime · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
Review · May 1, 2026, 6:12 PM
- Summary: Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal
- Reason codes: suspicious.dangerous_exec, suspicious.exposed_secret_literal
- Engine: v2.4.22
Evidence
critical src/backchannel-server.test.ts:30
Shell command execution detected (child_process).
const child = spawn(process.execPath, [serverPath], {
critical src/backchannel-settings.mjs:122
File appears to expose a hardcoded API secret or token.
...([REDACTED] ? { password: [REDACTED] } : {}),
critical src/runtime.test.ts:333
File appears to expose a hardcoded API secret or token.
process.env.GITHUB_TOKEN = "[REDACTED]";
