B
85/100 First Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
1
Score
85/100
HIGH 1
Findings (1)
HIGH
Environment variable exfiltration
L463 Detects attempts to read and transmit environment variables
process.env.SEND FIX
Validate that HTTP requests only send intended data. Block requests that embed file contents, environment variables, or credentials in URL parameters or request bodies to unknown hosts.
FP?
Likely FP if the matched text is an environment variable name that contains an HTTP verb (e.g., process.env.POST_URL) rather than an exfiltration pattern.