File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- dist/index.js:19
- Evidence
this.accessKey = [REDACTED];
Security audit
Security checks across malware telemetry and agentic risk
The reviewed artifact appears purpose-aligned and the supplied scanners reported no malicious or suspicious findings.
Install only if you intend to grant the tool normal ClawHub package-management authority. Review commands that publish, delete, moderate, or print stored tokens before running them, and keep any ClawHub token protected.
62/62 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal
this.accessKey = [REDACTED];
this.accessKey = [REDACTED];