critical
suspicious.dangerous_exec
- Location
- scripts/wallet.mjs:110
- Finding
- Shell command execution detected (child_process).
Sponge Wallet
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
Findings (3)
critical
suspicious.env_credential_access
- Location
- scripts/wallet.mjs:37
- Finding
- Environment variable access combined with network send.
warn
suspicious.potential_exfiltration
- Location
- scripts/wallet.mjs:50
- Finding
- Sensitive-looking file read is paired with a network send.