critical
suspicious.exposed_secret_literal
- Location
- dist/markdown-MRdI1sR7.js:23
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
clientSecret: [REDACTED]
Openclaw Twitch 2026.5.12 Beta.6.Tgz
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.exposed_secret_literal
Findings (2)
critical
suspicious.exposed_secret_literal
- Location
- dist/setup-surface-yArVgckI.js:116
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
accessToken: [REDACTED] ?? existing?.accessToken ?? "",