ClawHub

1688 Sourcing Inquiry

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.exposed_secret_literal

Findings (3)

critical

suspicious.exposed_secret_literal

Location
scripts/_const.py:98
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
scripts/callback_server.py:205
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
scripts/token_manager.py:53
Finding
File appears to expose a hardcoded API secret or token.