critical
suspicious.exposed_secret_literal
- Location
- dist/config.js:31
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
env.GOOGLE_API_KEY = [REDACTED]();
Gralkor Memory (OpenClaw)
AdvisoryAudited by Static analysis on May 12, 2026.
Overview
Detected: suspicious.exposed_secret_literal