ClawHub

Obverse Payments

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Findings (2)

critical

suspicious.env_credential_access

Location
obverse-cli.js:10
Finding
Environment variable access combined with network send.
critical

suspicious.exposed_secret_literal

Location
obverse-cli.js:556
Finding
File appears to expose a hardcoded API secret or token.