critical
suspicious.exposed_secret_literal
- Location
- payload/200.cjs:18446
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
apiKey: [REDACTED],
My Wallet for OpenClaw
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.exposed_secret_literal, suspicious.obfuscated_code
Findings (4)
critical
suspicious.exposed_secret_literal
- Location
- payload/409.cjs:890
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
password: [REDACTED]
critical
suspicious.exposed_secret_literal
- Location
- payload/964.cjs:1081
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
password: [REDACTED]
warn
suspicious.obfuscated_code
- Location
- payload/200.cjs:1187
- Finding
- Potential obfuscated payload detected.
- Evidence
const data = Buffer.from(src, 'base64');