critical
suspicious.exposed_secret_literal
- Location
- dist/channel-DhEeY6pk.js:1184
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
privateKey: [REDACTED],
Openclaw Nostr 2026.5.19.Tgz
AdvisoryAudited by Static analysis on May 20, 2026.
Overview
Detected: suspicious.exposed_secret_literal
Findings (4)
critical
suspicious.exposed_secret_literal
- Location
- dist/config-schema-TI8Kr8Vn.js:52
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
privateKey: [REDACTED]().optional(),
critical
suspicious.exposed_secret_literal
- Location
- dist/setup-plugin-api.js:85
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
const privateKey = [REDACTED]?.trim();
critical
suspicious.exposed_secret_literal
- Location
- dist/setup-surface-BEpiebD3.js:88
- Finding
- File appears to expose a hardcoded API secret or token.
- Evidence
const privateKey = [REDACTED](nostrCfg?.privateKey) ?? "";