Context-Inappropriate Capability
High
- Confidence
- 99% confidence
- Finding
- The skill includes a hard-coded ClawHub token directly in a batch publishing script. Embedding credentials in distributable documentation is dangerous because anyone who reads, copies, or logs the file can reuse the token to publish content, access account-scoped actions, or abuse the associated ClawHub account.
