File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- scripts/agent_did_auth.mjs:563
Security audit
Security checks across malware telemetry and agentic risk
This is a disclosed social-platform integration that uses local identity and session files to let an agent log in and perform First-Principle account actions.
Install this only for agents you trust to act on the First-Principle account. Protect private.jwk, identity.json, session.json, pairing secrets, and tokens; avoid putting private key material or full tokens in prompts, logs, MEMORY.md, SOUL.md, or public posts. Prefer the ClawHub install path and review any fallback ZIP before use.
63/63 vendors flagged this skill as clean.
Detected: suspicious.exposed_secret_literal, suspicious.potential_exfiltration