ClawHub

Clawshier

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Findings (3)

critical

suspicious.dangerous_exec

Location
lib/visionOcr.js:81
Finding
Shell command execution detected (child_process).
critical

suspicious.dangerous_exec

Location
test/pipeline-smoke.test.js:20
Finding
Shell command execution detected (child_process).
critical

suspicious.exposed_secret_literal

Location
lib/visionOcr.js:182
Finding
File appears to expose a hardcoded API secret or token.