Missing User Warnings
Medium
- Confidence
- 92% confidence
- Finding
- The script requires an API token via the --token command-line argument and then sends it in an HTTP header to a remote service. Passing secrets on the command line is unsafe because they are often exposed via shell history, process listings, CI logs, and telemetry, making credential leakage more likely even though the transmission itself is over HTTPS.
