critical
suspicious.env_credential_access
- Location
- dist/src/challenge.js:35
- Finding
- Environment variable access combined with network send.
- Evidence
const url = process.env.TRUKYC_RELAY_URL ?? "";
Truclaw
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.env_credential_access
Findings (8)
critical
suspicious.env_credential_access
- Location
- dist/src/guardrail.js:4
- Finding
- Environment variable access combined with network send.
- Evidence
const RELAY_URL = process.env.TRUKYC_RELAY_URL ?? "";
critical
suspicious.env_credential_access
- Location
- dist/src/handler.js:13
- Finding
- Environment variable access combined with network send.
- Evidence
const url = process.env.TRUKYC_RELAY_URL ?? "";
critical
suspicious.env_credential_access
- Location
- dist/src/verify.js:6
- Finding
- Environment variable access combined with network send.
- Evidence
const RELAY_URL = process.env.TRUKYC_RELAY_URL ?? "";
critical
suspicious.env_credential_access
- Location
- src/challenge.ts:62
- Finding
- Environment variable access combined with network send.
- Evidence
const url = process.env.TRUKYC_RELAY_URL ?? "";
critical
suspicious.env_credential_access
- Location
- src/guardrail.ts:5
- Finding
- Environment variable access combined with network send.
- Evidence
const RELAY_URL = process.env.TRUKYC_RELAY_URL ?? "";
critical
suspicious.env_credential_access
- Location
- src/handler.ts:16
- Finding
- Environment variable access combined with network send.
- Evidence
const url = process.env.TRUKYC_RELAY_URL ?? "";
critical
suspicious.env_credential_access
- Location
- src/verify.ts:21
- Finding
- Environment variable access combined with network send.
- Evidence
const RELAY_URL = process.env.TRUKYC_RELAY_URL ?? "";