critical
suspicious.env_credential_access
- Location
- dist/index.js:114
- Finding
- Environment variable access combined with network send.
- Evidence
if (!process.env.WS_NO_BUFFER_UTIL) {
Telnyx TTS Provider
AdvisoryAudited by Static analysis on May 12, 2026.
Overview
Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal
Findings (2)
critical
suspicious.exposed_secret_literal
- Location
- dist/index.js:3817
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
apiKey: [REDACTED](providerConfig, cfg),