ClawHub

clawsec-suite

AdvisoryAudited by Static analysis on May 16, 2026.

Overview

Detected: suspicious.exposed_secret_literal

Findings (1)

critical

suspicious.exposed_secret_literal

Location
scripts/sign_detached_ed25519.mjs:53
Finding
File appears to expose a hardcoded API secret or token.