whatisxlistening.to

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.exposed_secret_literal

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user installing a music dashboard could unintentionally receive unrelated agent behavior, scripts, and documentation with much broader authority.

Why it was flagged

The top-level artifact for the evaluated skill is a workspace inventory, not a scoped whatisxlistening-to skill file; it shows unrelated local skills bundled or referenced in the package.

Skill content

## Local / Unpublished ... `auto-updater` ... `findmy-location` ... `second-brain` ... `self-improving-agent`

Recommendation

Repackage only the whatisxlistening-to skill files with its own current SKILL.md, and remove workspace-level files before publishing.

What this means

Anyone with access to the package could use these credentials to access or alter private synced notes if the service is reachable.

Why it was flagged

The artifact exposes live-looking CouchDB admin credentials for a private Obsidian/brain-sync database, unrelated to the declared Last.fm purpose.

Skill content

- Admin User: `admin`
- Admin Password: `97gYy7MzaxFMvI0IuyOJ5khu`
- Database: `obsidian`

Recommendation

Remove the credentials from the package, rotate the CouchDB password immediately, and use a secret manager or environment variables instead.

What this means

If invoked, the agent could use a local account credential to mutate a remote knowledge store outside the user’s music-dashboard request.

Why it was flagged

This bundled script reads a local Keychain credential and can create, update, or delete remote Ensue memories, but the evaluated skill metadata declares no credentials and this is not needed for Last.fm.

Skill content

API_KEY=$(security find-generic-password -a "clawdbot" -s "ensue-api-key" -w 2>/dev/null || true) ... create_memory ... update_memory ... delete_memory

Recommendation

Remove this script from the skill package, or make it a separate clearly declared integration with explicit user approval and scoped credentials.

What this means

Private notes or agent memory could be copied into persistent remote memory and later reused as context beyond the original task.

Why it was flagged

The script scans local Obsidian knowledge files and pushes selected note contents into a remote embedded memory service; this broad persistent knowledge sync is unrelated to Last.fm.

Skill content

find "$OBSIDIAN_VAULT/Knowledge" -name "*.md" -type f ... grep -q "ensue_sync: *true" ... create_memory ... "embed":true

Recommendation

Exclude memory-sync code from this skill, and require explicit path limits, approval, retention rules, and clear disclosure for any knowledge-base synchronization.

Concern: High Confidence

ASI10: Rogue Agents

What this means

A background job could change installed agent code and skills without per-update review, affecting future behavior across tasks.

Why it was flagged

The package includes instructions for persistent autonomous updates of the agent and all installed skills, which is outside the stated Last.fm dashboard purpose.

Skill content

This skill sets up a daily cron job that: ... Updates Clawdbot itself ... Updates all installed skills (via `clawdhub update --all`)

Recommendation

Do not bundle auto-update behavior with this skill; make it a separate opt-in skill with dry-run review and clear rollback guidance.

What this means

If set up, any local process or agent able to call localhost:9090 could click or type into applications on the user’s Mac.

Why it was flagged

The documentation provides a local HTTP API for UI clicks and keystrokes with Accessibility privileges; this is powerful system automation and unrelated to a Last.fm dashboard.

Skill content

server:setPort(9090) ... path == "/type" ... hs.eventtap.keyStrokes(data.text) ... path == "/key" ... hs.eventtap.keyStroke(data.modifiers or {}, data.key)

Recommendation

Do not install or enable this UI automation as part of the Last.fm skill; if needed separately, add authentication, narrow commands, and require user approval for sensitive actions.

What this means

A music-dashboard install could expose the agent to contact-location workflows and Apple account context the user did not expect.

Why it was flagged

The package includes an unrelated Find My location-tracking skill that depends on Apple account access and sensitive physical-location data.

Skill content

Track shared contacts via Apple Find My with street-corner accuracy. ... iCloud account signed in on your Mac ... Location sharing enabled

Recommendation

Remove the Find My skill from this package and publish it separately with explicit privacy warnings, permission requirements, and user-directed invocation.

Findings (1)

Severity: critical

Rule: suspicious.exposed_secret_literal

Location: docs/brain-sync-architecture.md:39

Finding: File appears to expose a hardcoded API secret or token.