critical
suspicious.dangerous_exec
- Location
- index.js:214
- Finding
- Shell command execution detected (child_process).
Evolver 1.32.2
AdvisoryAudited by Static analysis on May 15, 2026.
Overview
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal (+1 more)
Findings (20)
critical
suspicious.dangerous_exec
- Location
- scripts/build_public.js:170
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- scripts/generate_history.js:17
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- scripts/publish_public.js:13
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- scripts/recover_loop.js:54
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- scripts/suggest_version.js:27
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- src/evolve.js:451
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- src/gep/llmReview.js:70
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- src/gep/solidify.js:67
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- src/ops/health_check.js:20
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- src/ops/lifecycle.js:27
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- src/ops/self_repair.js:17
- Finding
- Shell command execution detected (child_process).
critical
suspicious.dangerous_exec
- Location
- src/ops/skills_monitor.js:96
- Finding
- Shell command execution detected (child_process).
critical
suspicious.env_credential_access
- Location
- index.js:129
- Finding
- Environment variable access combined with network send.
critical
suspicious.env_credential_access
- Location
- src/gep/a2aProtocol.js:75
- Finding
- Environment variable access combined with network send.
critical
suspicious.env_credential_access
- Location
- src/gep/hubSearch.js:73
- Finding
- Environment variable access combined with network send.
critical
suspicious.env_credential_access
- Location
- src/gep/issueReporter.js:21
- Finding
- Environment variable access combined with network send.
critical
suspicious.env_credential_access
- Location
- src/gep/memoryGraphAdapter.js:77
- Finding
- Environment variable access combined with network send.
critical
suspicious.exposed_secret_literal
- Location
- test/sanitize.test.js:12
- Finding
- File appears to expose a hardcoded API secret or token.
warn
suspicious.potential_exfiltration
- Location
- src/gep/a2aProtocol.js:424
- Finding
- Sensitive-looking file read is paired with a network send.