ClawHub

KarmaBank

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Findings (5)

critical

suspicious.env_credential_access

Location
scripts/circle-entity-secret.js:10
Finding
Environment variable access combined with network send.
critical

suspicious.env_credential_access

Location
scripts/circle-entity-secret.ts:18
Finding
Environment variable access combined with network send.
critical

suspicious.env_credential_access

Location
src/adapters/moltbook.ts:234
Finding
Environment variable access combined with network send.
critical

suspicious.env_credential_access

Location
src/cli/adapters/moltbook.ts:76
Finding
Environment variable access combined with network send.
critical

suspicious.exposed_secret_literal

Location
SKILL.md:107
Finding
File appears to expose a hardcoded API secret or token.