ClawHub

Nadmail

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal, suspicious.potential_exfiltration

Findings (6)

critical

suspicious.env_credential_access

Location
scripts/inbox.js:14
Finding
Environment variable access combined with network send.
critical

suspicious.env_credential_access

Location
scripts/register.js:22
Finding
Environment variable access combined with network send.
critical

suspicious.env_credential_access

Location
scripts/send.js:22
Finding
Environment variable access combined with network send.
critical

suspicious.exposed_secret_literal

Location
scripts/register.js:169
Finding
File appears to expose a hardcoded API secret or token.
warn

suspicious.potential_exfiltration

Location
scripts/inbox.js:42
Finding
Sensitive-looking file read is paired with a network send.
warn

suspicious.potential_exfiltration

Location
scripts/send.js:135
Finding
Sensitive-looking file read is paired with a network send.