Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- src/api.ts:5
- Evidence
const BASE_URL = process.env.SCRAPEBADGER_API_URL || "https://scrapebadger.com";
Security audit
Security checks across malware telemetry and agentic risk
ScrapeBadger appears to be a coherent scraping API plugin, but it will send your ScrapeBadger API key and requested URLs/searches to the ScrapeBadger service.
Before installing, make sure you trust ScrapeBadger with the URLs and searches you ask it to process, set only the intended SCRAPEBADGER_API_KEY, and verify that SCRAPEBADGER_API_URL is not pointed at an unexpected service. No artifact-backed malicious behavior was found in the provided visible source.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.env_credential_access
const BASE_URL = process.env.SCRAPEBADGER_API_URL || "https://scrapebadger.com";