critical
suspicious.dangerous_exec
- Location
- scripts/install-openclaw-extension.mjs:143
- Finding
- Shell command execution detected (child_process).
- Evidence
const child = spawn(process.execPath, [scriptPath, ...args], {
Atomic Waha V3
AdvisoryAudited by Static analysis on May 19, 2026.
Overview
Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal
Findings (4)
critical
suspicious.exposed_secret_literal
- Location
- bin/atomic_waha_v3_cli.py:954
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
api_key = [REDACTED]("WAHA_API_KEY", session_name)
critical
suspicious.exposed_secret_literal
- Location
- dist/src/client.js:442
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
const apiKey = [REDACTED];
critical
suspicious.exposed_secret_literal
- Location
- src/client.ts:698
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
const apiKey = [REDACTED];