critical
suspicious.secret_argv_exposure
- Location
- SKILL.md:41
- Finding
- Instructions pass high-value credentials through process argv.
Twitter User Profile API
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.secret_argv_exposure
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
ConcernHigh Confidence
ASI03: Identity and Privilege AbuseWhat this means
Another local user or process could potentially observe the JustOneAPI token while the command is running and use it outside this skill.
Why it was flagged
The instructions pass a high-value API token as a command-line argument, which can be visible to local process inspection tools even though the credential itself is purpose-aligned.
Skill content
node {baseDir}/bin/run.mjs --operation "getTwitterUserDetailV1" --token "$JUST_ONE_API_TOKEN" --params-json '{"restId":"<restId>"}'Recommendation
Prefer a helper that reads JUST_ONE_API_TOKEN directly from the environment instead of accepting it through argv, and rotate the token if you suspect it was exposed.