ClawHub

SUIROLL

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Findings (4)

critical

suspicious.env_credential_access

Location
dist/utils/moltbook.js:13
Finding
Environment variable access combined with network send.
critical

suspicious.env_credential_access

Location
src/utils/moltbook.ts:54
Finding
Environment variable access combined with network send.
critical

suspicious.exposed_secret_literal

Location
dist/utils/moltbook.js:125
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
src/utils/moltbook.ts:200
Finding
File appears to expose a hardcoded API secret or token.