Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- src/lib/gift-proof-helpers.js:45
- Evidence
export function resolveBasememeApiToken(options = {}, env = process.env) {
Security audit
Security checks across malware telemetry and agentic risk
Basememe AI appears aligned with its crypto-trading purpose, but it can use a stored wallet private key to make irreversible Base mainnet transactions and its credential requirements are under-declared.
Install only if you are comfortable giving this skill access to a dedicated low-balance wallet on Base mainnet. Pin the package version, configure credentials only for this skill, quote or dry-run first, require manual confirmation for every write command, and revoke allowances when finished.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal
export function resolveBasememeApiToken(options = {}, env = process.env) {const bearer = [REDACTED](options);