File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- scripts/bring.sh:12
Security audit
Security checks across malware telemetry and agentic risk
The skill set is mostly coherent, but it includes powerful staff/admin workflows and a review helper that defaults to unsandboxed full-access execution.
Install only in a trusted ClawHub staff/developer context. Review the `autoreview` helper before use, prefer `--no-yolo` unless full-access nested review is truly intended, and confirm that any admin or migration command targets the right account, package, deployment, and data before approving it.
VirusTotal findings are pending for this skill version.
Detected: suspicious.exposed_secret_literal