Openclaw Brave Plugin 2026.5.12 Beta.6.Tgz

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.exposed_secret_literal

Findings (2)

critical

suspicious.exposed_secret_literal

Location: dist/brave-web-search-provider-CGCUaRRN.js:74
Finding: File appears to expose a hardcoded API secret or token.
Evidence: if (options?.mirrorApiKeyToTopLevel && [REDACTED] !== void 0) next.apiKey = [REDACTED];

critical

suspicious.exposed_secret_literal

Location: dist/brave-web-search-provider.runtime-Zj1jGbhx.js:168
Finding: File appears to expose a hardcoded API secret or token.
Evidence: const apiKey = [REDACTED](searchConfig);