ClawHub

Hi Openclaw Plugin

AdvisoryAudited by Static analysis on May 13, 2026.

Overview

Detected: suspicious.exposed_secret_literal

Findings (4)

critical

suspicious.exposed_secret_literal

Location
dist/clients.js:27
Finding
File appears to expose a hardcoded API secret or token.
Evidence
clientSecret: [REDACTED],
critical

suspicious.exposed_secret_literal

Location
dist/tools/control.js:248
Finding
File appears to expose a hardcoded API secret or token.
Evidence
client_secret: [REDACTED],
critical

suspicious.exposed_secret_literal

Location
src/clients.ts:61
Finding
File appears to expose a hardcoded API secret or token.
Evidence
clientSecret: [REDACTED],
critical

suspicious.exposed_secret_literal

Location
src/tools/control.ts:275
Finding
File appears to expose a hardcoded API secret or token.
Evidence
client_secret: [REDACTED],