File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- skill.js:10
Security audit
Security checks across malware telemetry and agentic risk
The artifact appears to be a ClawHub development repository with disclosed maintainer workflows, and no evidence of hidden execution, exfiltration, or malicious behavior was found.
Install or use this only if you intend to work on ClawHub development or maintainer tasks. Review the repo-local skills and scripts before running them, especially moderation, deploy, review, and worker commands, because they can use local credentials or make authenticated changes when invoked.
59/59 vendors flagged this skill as clean.
Detected: suspicious.exposed_secret_literal