ClawHub

Openclaw Brave Plugin 2026.5.19.Tgz

AdvisoryAudited by Static analysis on May 20, 2026.

Overview

Detected: suspicious.exposed_secret_literal

Findings (2)

critical

suspicious.exposed_secret_literal

Location
dist/brave-web-search-provider-DlBesQRV.js:88
Finding
File appears to expose a hardcoded API secret or token.
Evidence
if (options?.mirrorApiKeyToTopLevel && [REDACTED] !== void 0) next.apiKey = [REDACTED];
critical

suspicious.exposed_secret_literal

Location
dist/brave-web-search-provider.runtime-Dd_WB4kT.js:169
Finding
File appears to expose a hardcoded API secret or token.
Evidence
const apiKey = [REDACTED](searchConfig);