ClawHub

Raven Transfer

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Findings (2)

critical

suspicious.env_credential_access

Location
tests/contract-live.test.mjs:6
Finding
Environment variable access combined with network send.
critical

suspicious.exposed_secret_literal

Location
tests/unit-normalizers.test.mjs:171
Finding
File appears to expose a hardcoded API secret or token.