Skillv1.0.0

Static analysis security

TokenMail · Deterministic local checks for risky code patterns and metadata mismatches.

ReviewApr 30, 2026, 5:24 AM

Summary: Detected: suspicious.env_credential_access, suspicious.potential_exfiltration
Reason codes: suspicious.env_credential_accesssuspicious.potential_exfiltration
Engine: v2.4.5

criticalscripts/tokenmail_cli_js.mjs:17

Environment variable access combined with network send.

suspicious.env_credential_access

criticalscripts/tokenmail_cli.js:9

Environment variable access combined with network send.

suspicious.env_credential_access

warnscripts/tokenmail_cli.js:185

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration