Cartesia Speech

AdvisoryAudited by Static analysis on May 12, 2026.

Overview

Detected: suspicious.exposed_secret_literal

Findings (2)

critical

suspicious.exposed_secret_literal

Location: dist/speech-provider.js:36
Finding: File appears to expose a hardcoded API secret or token.
Evidence: apiKey: [REDACTED](cfg.apiKey),

critical

suspicious.exposed_secret_literal

Location: README.md:77
Finding: File appears to expose a hardcoded API secret or token.
Evidence: export CARTESIA_API_KEY=[REDACTED]