ClawHub

Wechat Mp Publish

AdvisoryAudited by Static analysis on May 8, 2026.

Overview

Detected: suspicious.exposed_secret_literal, suspicious.secret_argv_exposure

Findings (3)

critical

suspicious.exposed_secret_literal

Location
ENCRYPTION.md:127
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.exposed_secret_literal

Location
scripts/wechat/api_client.py:292
Finding
File appears to expose a hardcoded API secret or token.
critical

suspicious.secret_argv_exposure

Location
ENCRYPTION.md:53
Finding
Instructions pass high-value credentials through process argv.