OpenCode Chat Bot

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.exposed_secret_literal

Findings (2)

critical

suspicious.exposed_secret_literal

Location: dist/dingtalk/client.js:71
Finding: File appears to expose a hardcoded API secret or token.
Evidence: clientSecret: [REDACTED],

critical

suspicious.exposed_secret_literal

Location: dist/runtime/bootstrap.js:181
Finding: File appears to expose a hardcoded API secret or token.
Evidence: OPENCODE_SERVER_PASSWORD: [REDACTED],