critical
suspicious.dangerous_exec
- Location
- scripts/check-bootstrap.js:27
- Finding
- Shell command execution detected (child_process).
Openclaw Zulip Bridge
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal
Findings (4)
critical
suspicious.dangerous_exec
- Location
- scripts/check-package.js:49
- Finding
- Shell command execution detected (child_process).
critical
suspicious.exposed_secret_literal
- Location
- src/onboarding.ts:115
- Finding
- File appears to expose a hardcoded API secret or token.
critical
suspicious.exposed_secret_literal
- Location
- test/accounts.test.ts:74
- Finding
- File appears to expose a hardcoded API secret or token.