codex-mcp-server

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    49:             // Build command arguments with v0.75.0+ features
    50:             const selectedModel = model ||
>>> 51:                 process.env[CODEX_DEFAULT_MODEL_ENV_VAR] ||
    52:                 DEFAULT_CODEX_MODEL;
    53:             const effectiveCallbackUri = callbackUri || process.env.CODEX_MCP_CALLBACK_URI;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    9: };
    10: const isStructuredContentEnabled = () => {
>>> 11:     const raw = process.env.STRUCTURED_CONTENT_ENABLED;
    12:     if (!raw)
    13:         return false;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    27:         mockedExecuteCommand.mockClear();
    28:         process.env.STRUCTURED_CONTENT_ENABLED = '1';
>>> 29:         delete process.env.CODEX_MCP_CALLBACK_URI;
    30:     });
    31:     test('should use exec for new session without codex session ID', async () => {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    26:         handler = new CodexToolHandler(sessionStorage);
    27:         mockedExecuteCommand.mockClear();
>>> 28:         process.env.STRUCTURED_CONTENT_ENABLED = '1';
    29:         delete process.env.CODEX_MCP_CALLBACK_URI;
    30:     });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12:     let originalStructuredContent;
    13:     beforeAll(() => {
>>> 14:         originalStructuredContent = process.env.STRUCTURED_CONTENT_ENABLED;
    15:     });
    16:     afterAll(() => {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    16:     afterAll(() => {
    17:         if (originalStructuredContent) {
>>> 18:             process.env.STRUCTURED_CONTENT_ENABLED = originalStructuredContent;
    19:         }
    20:         else {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    19:         }
    20:         else {
>>> 21:             delete process.env.STRUCTURED_CONTENT_ENABLED;
    22:         }
    23:     });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    30:             stderr: '',
    31:         });
>>> 32:         process.env.STRUCTURED_CONTENT_ENABLED = '1';
    33:     });
    34:     test('should build enhanced prompt correctly', async () => {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12:     let originalStructuredContent;
    13:     beforeAll(() => {
>>> 14:         originalStructuredContent = process.env.STRUCTURED_CONTENT_ENABLED;
    15:     });
    16:     afterAll(() => {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    16:     afterAll(() => {
    17:         if (originalStructuredContent) {
>>> 18:             process.env.STRUCTURED_CONTENT_ENABLED = originalStructuredContent;
    19:         }
    20:         else {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    19:         }
    20:         else {
>>> 21:             delete process.env.STRUCTURED_CONTENT_ENABLED;
    22:         }
    23:     });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    30:             stderr: '',
    31:         });
>>> 32:         process.env.STRUCTURED_CONTENT_ENABLED = '1';
    33:         delete process.env.CODEX_MCP_CALLBACK_URI;
    34:     });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    31:         });
    32:         process.env.STRUCTURED_CONTENT_ENABLED = '1';
>>> 33:         delete process.env.CODEX_MCP_CALLBACK_URI;
    34:     });
    35:     test('should use gpt-5.3-codex as default model when no model specified', async () => {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    110:     });
    111:     test('should use CODEX_DEFAULT_MODEL environment variable when set', async () => {
>>> 112:         const originalEnv = process.env.CODEX_DEFAULT_MODEL;
    113:         process.env.CODEX_DEFAULT_MODEL = 'gpt-4';
    114:         try {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    111:     test('should use CODEX_DEFAULT_MODEL environment variable when set', async () => {
    112:         const originalEnv = process.env.CODEX_DEFAULT_MODEL;
>>> 113:         process.env.CODEX_DEFAULT_MODEL = 'gpt-4';
    114:         try {
    115:             await handler.execute({ prompt: 'Test with env var' });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    124:         finally {
    125:             if (originalEnv) {
>>> 126:                 process.env.CODEX_DEFAULT_MODEL = originalEnv;
    127:             }
    128:             else {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    127:             }
    128:             else {
>>> 129:                 delete process.env.CODEX_DEFAULT_MODEL;
    130:             }
    131:         }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    132:     });
    133:     test('should prioritize explicit model over environment variable', async () => {
>>> 134:         const originalEnv = process.env.CODEX_DEFAULT_MODEL;
    135:         process.env.CODEX_DEFAULT_MODEL = 'gpt-4';
    136:         try {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    133:     test('should prioritize explicit model over environment variable', async () => {
    134:         const originalEnv = process.env.CODEX_DEFAULT_MODEL;
>>> 135:         process.env.CODEX_DEFAULT_MODEL = 'gpt-4';
    136:         try {
    137:             await handler.execute({

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    149:         finally {
    150:             if (originalEnv) {
>>> 151:                 process.env.CODEX_DEFAULT_MODEL = originalEnv;
    152:             }
    153:             else {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    152:             }
    153:             else {
>>> 154:                 delete process.env.CODEX_DEFAULT_MODEL;
    155:             }
    156:         }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    19:         }
    20:         else {
>>> 21:             delete process.env.STRUCTURED_CONTENT_ENABLED;
    22:         }
    23:     });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    25:         const child = spawn(file, escapedArgs, {
    26:             shell: isWindows,
>>> 27:             env: envOverride ? { ...process.env, ...envOverride } : process.env,
    28:             stdio: ['pipe', 'pipe', 'pipe'],
    29:         });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    95:             shell: isWindows, // Use shell on Windows to inherit PATH correctly
    96:             env: options.envOverride
>>> 97:                 ? { ...process.env, ...options.envOverride }
    98:                 : process.env,
    99:             stdio: ['pipe', 'pipe', 'pipe'],

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    96:             env: options.envOverride
    97:                 ? { ...process.env, ...options.envOverride }
>>> 98:                 : process.env,
    99:             stdio: ['pipe', 'pipe', 'pipe'],
    100:         });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    274:             // Add model parameter via config
    275:             const selectedModel = model ||
>>> 276:                 process.env[CODEX_DEFAULT_MODEL_ENV_VAR] ||
    277:                 DEFAULT_CODEX_MODEL;
    278:             cmdArgs.push('-c', `model="${selectedModel}"`);

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    51:                 process.env[CODEX_DEFAULT_MODEL_ENV_VAR] ||
    52:                 DEFAULT_CODEX_MODEL;
>>> 53:             const effectiveCallbackUri = callbackUri || process.env.CODEX_MCP_CALLBACK_URI;
    54:             let cmdArgs;
    55:             if (useResume && codexConversationId) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    55:         server = spawn(process.execPath, [distPath], {
    56:             env: {
>>> 57:                 ...process.env,
    58:                 PATH: `${stubDir}${path.delimiter}${process.env.PATH}`,
    59:                 CODEX_MCP_CALLBACK_URI: 'http://localhost/callback',

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    56:             env: {
    57:                 ...process.env,
>>> 58:                 PATH: `${stubDir}${path.delimiter}${process.env.PATH}`,
    59:                 CODEX_MCP_CALLBACK_URI: 'http://localhost/callback',
    60:                 STRUCTURED_CONTENT_ENABLED: '1',

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12:     let originalStructuredContent;
    13:     beforeAll(() => {
>>> 14:         originalStructuredContent = process.env.STRUCTURED_CONTENT_ENABLED;
    15:     });
    16:     afterAll(() => {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    16:     afterAll(() => {
    17:         if (originalStructuredContent) {
>>> 18:             process.env.STRUCTURED_CONTENT_ENABLED = originalStructuredContent;
    19:         }
    20:         else {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    19:         }
    20:         else {
>>> 21:             delete process.env.STRUCTURED_CONTENT_ENABLED;
    22:         }
    23:     });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    30:             stderr: '',
    31:         });
>>> 32:         process.env.STRUCTURED_CONTENT_ENABLED = '1';
    33:     });
    34:     test('should pass model parameter to codex CLI', async () => {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    16:     afterAll(() => {
    17:         if (originalStructuredContent) {
>>> 18:             process.env.STRUCTURED_CONTENT_ENABLED = originalStructuredContent;
    19:         }
    20:         else {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    12:     let originalStructuredContent;
    13:     beforeAll(() => {
>>> 14:         originalStructuredContent = process.env.STRUCTURED_CONTENT_ENABLED;
    15:     });
    16:     afterAll(() => {

Decoded base64 content: u����b��-�g)�)쵩e

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: u����b��-�g)�)쵩e

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { exec } from 'child_process';
    2: import { promisify } from 'util';
    3: // Mock chalk to avoid ESM issues in Jest

Decoded base64 content: �eN�%E�.�Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �eN�%E�.�Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �eN�%E�.�Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { spawn } from 'child_process';
    2: import { chmodSync, existsSync, mkdtempSync, rmSync, writeFileSync } from 'fs';
    3: import { tmpdir } from 'os';

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    4: import path from 'path';
    5: import { promisify } from 'util';
>>> 6: import { exec } from 'child_process';
    7: import { CallToolResultSchema, ListToolsResultSchema, } from '@modelcontextprotocol/sdk/types.js';
    8: const execAsync = promisify(exec);

Decoded base64 content: �eN�%E�.�Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��hq�a��q�em�$

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �eN�%E�.�Ԝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: y��rدx&�����J�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: y��rدx&�����J�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: y��rدx&�����J�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��z��*'�Ǭ�*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: y��rدx&�����J�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: y��rدx&�����J�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { spawn } from 'child_process';
    2: import chalk from 'chalk';
    3: import { CommandExecutionError } from '../errors.js';

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    137:             resetSession: true,
    138:         });
>>> 139:         // Should use exec (not resume) and get new session ID
    140:         expect(mockedExecuteCommand).toHaveBeenCalledWith('codex', [
    141:             'exec',

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��$y�1y˭x*&���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.1 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    46: [![VS Code](https://img.shields.io/badge/VS_Code-Install-0098FF?style=flat-square&logo=visualstudiocode&logoColor=white)](https://vscode.dev/redirect/mcp/install?name=codex-cli&config=%7B%22type%22%3A%22stdio%22%2C%22command%22%3A%22npx%22%2C%22args%22%3A%5B%22-y%22%2C%22codex-mcp-server%22%5D%7D)
    47: [![VS Code Insiders](https://img.shields.io/badge/VS_Code_Insiders-Install-24bfa5?style=flat-square&logo=visualstudiocode&logoColor=white)](https://insiders.vscode.dev/redirect/mcp/install?name=codex-cli&config=%7B%22type%22%3A%22stdio%22%2C%22command%22%3A%22npx%22%2C%22args%22%3A%5B%22-y%22%2C%22codex-mcp-server%22%5D%7D)
>>> 48: [![Cursor](https://img.shields.io/badge/Cursor-Install-00D8FF?style=flat-square&logo=cursor&logoColor=white)](https://cursor.com/en/install-mcp?name=codex&config=eyJ0eXBlIjoic3RkaW8iLCJjb21tYW5kIjoibnB4IC15IGNvZGV4LW1jcC1zZXJ2ZXIiLCJlbnYiOnt9fQ%3D%3D)
    49: 
    50: ## Tools

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.