critical
suspicious.exposed_secret_literal
- Location
- dist/src/auth.js:165
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
access_token: [REDACTED],
Openclaw Otto Travel
AdvisoryAudited by Static analysis on May 11, 2026.
Overview
Detected: suspicious.exposed_secret_literal