suspicious.exposed_secret_literal
- Location
- SKILL.md:32
- Finding
- File appears to expose a hardcoded API secret or token.
Advisory
Audited by static analysis on May 10, 2026.
Detected: suspicious.exposed_secret_literal
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
All users would call the API using the same exposed credential, which could tie activity to an unknown shared token and allow abuse if the token has broader permissions.
The skill embeds a bearer token directly in the curl command, while the metadata declares no credential requirement and does not explain the token's scope.
-H "Authorization: Bearer ih1rtmC7ECm8iExqvI6zMbOAqEaXIi9X"
Rotate the token, avoid hardcoding secrets in SKILL.md, and use a declared per-user credential or a narrowly scoped public endpoint.
A food photo and classification details will be shared with the external service when the skill is used.
The skill sends the selected image plus the agent's model name, answer, and reasoning to the external Hotdog-or-Not API.
curl -s -X POST "https://api.hotdogornot.xyz/api/arena/round" ... -F "image=@{{MediaPath}}" -F "claw_model={{Model}}" -F "claw_answer=ANSWER" -F "claw_reasoning=DESCRIPTION"
Use the skill only with photos you are comfortable sending to the Hotdog-or-Not service, and review the service's privacy/retention practices if the image may be sensitive.
Using the skill causes local command execution for network requests, though no unrelated shell commands or install scripts are shown.
The skill instructs the agent to execute curl commands; this is central to the stated API workflow and the endpoint is disclosed.
exec: curl -s -X POST "https://api.hotdogornot.xyz/api/arena/vote/submit" ...
Keep execution limited to the displayed API calls and avoid modifying the command with untrusted arguments.