critical
suspicious.dangerous_exec
- Location
- src/daemon/server.ts:311
- Finding
- Shell command execution detected (child_process).
ClawChat - P2P Agent Communication
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal, suspicious.generated_source_template_injection
Findings (5)
critical
suspicious.exposed_secret_literal
- Location
- src/__tests__/identity.test.ts:107
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- src/cli.ts:62
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- src/identity/keys.ts:112
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.generated_source_template_injection
- Location
- skills/clawchat/examples/README.md:46
- Finding
- User-controlled placeholder is embedded directly into generated source code.