critical
suspicious.exposed_secret_literal
- Location
- dist/discovery.js:210
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
const bearerToken = [REDACTED] ?? await generateBearerTokenFromIam({
Openclaw Amazon Bedrock Mantle Provider 2026.5.19.Tgz
AdvisoryAudited by Static analysis on May 20, 2026.
Overview
Detected: suspicious.exposed_secret_literal