Environment variable access combined with network send.
- Code
- suspicious.env_credential_access
- Location
- dist/src/challenge.js:35
- Evidence
const url = process.env.TRUKYC_RELAY_URL ?? "";
Security audit
Security checks across malware telemetry and agentic risk
TruClaw is a coherent approval-guardrail plugin, but it sends sensitive approval and tool-call details to external services in ways that are not fully disclosed and its pairing link effectively grants approval authority.
Review this carefully before installing. If you use it, pair only from a private session, assume tool commands and invoked script contents may be sent to Anthropic, and consider self-hosting the relay. Do not use it for highly sensitive environments until the publisher documents all external data flows, removes the third-party QR-link exposure or makes it local, and adds clear pairing confirmation/revocation controls.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.env_credential_access
const url = process.env.TRUKYC_RELAY_URL ?? "";
const RELAY_URL = process.env.TRUKYC_RELAY_URL ?? "";
const url = process.env.TRUKYC_RELAY_URL ?? "";
const RELAY_URL = process.env.TRUKYC_RELAY_URL ?? "";
const url = process.env.TRUKYC_RELAY_URL ?? "";
const RELAY_URL = process.env.TRUKYC_RELAY_URL ?? "";
const url = process.env.TRUKYC_RELAY_URL ?? "";
const RELAY_URL = process.env.TRUKYC_RELAY_URL ?? "";