critical
suspicious.dynamic_code_execution
- Location
- dist/x402_tron_invoke.js:30830
- Finding
- Dynamic code execution detected.
tron-x402-payment
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dynamic_code_execution, suspicious.env_credential_access, suspicious.exposed_secret_literal (+1 more)
Findings (4)
critical
suspicious.env_credential_access
- Location
- dist/x402_tron_invoke.js:21722
- Finding
- Environment variable access combined with network send.
critical
suspicious.exposed_secret_literal
- Location
- dist/x402_tron_invoke.js:23459
- Finding
- File appears to expose a hardcoded API secret or token.
warn
suspicious.obfuscated_code
- Location
- dist/x402_tron_invoke.js:2813
- Finding
- Potential obfuscated payload detected.