suspicious.exposed_secret_literal
- Location: SKILL.md:52
- Finding: File appears to expose a hardcoded API secret or token.
Advisory
Audited by Static analysis on May 10, 2026.
Detected: suspicious.exposed_secret_literal
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Requests and stored memory may not be clearly separated by user or account, and the shared token could be reused by anyone who has the skill text.
The skill provides a hardcoded shared bearer token rather than a declared or user-specific credential, so calls appear to run under a common beta identity.
No API key required during Free Beta. ... Authorization: Bearer edition_dev_key_for_testing
Use user-specific API keys or OAuth, declare the credential requirement in metadata, and clearly document account isolation for all endpoints.
Sensitive business relationships, preferences, or plans could be stored externally and later recalled or influenced in future tasks without clear user control.
The artifact documents sending business/person-specific notes to an external persistent memory API with automatic extraction, but does not describe retention, deletion, namespace separation, or reuse limits.
Persistent Memory ... /api/v1/memory/episodes ... "content": "Met with Tanaka-bucho. He prefers informal meetings.", "auto_extract": true
Require explicit user approval before storing memory, avoid sensitive content, and provide clear retention, deletion, tenant isolation, and retrieval-scope controls.
If enabled, the agent may execute third-party MCP server code beyond the instruction-only skill text reviewed here.
The optional MCP integration would download and run an npm package that is not pinned by version and whose code is not included in the reviewed artifact.
For direct MCP integration (23 tools): npx -y edition-mcp-server
Inspect the npm package source, pin a trusted version, and only enable the MCP server if its requested tools and permissions are acceptable.