Openclaw Qqbot 2026.5.19.Tgz

AdvisoryAudited by Static analysis on May 20, 2026.

Overview

Detected: suspicious.exposed_secret_literal

Findings (4)

critical

suspicious.exposed_secret_literal

Location: dist/channel-CD_RD3Ro.js:397
Finding: File appears to expose a hardcoded API secret or token.
Evidence: clientSecret: [REDACTED],

critical

suspicious.exposed_secret_literal

Location: dist/config-schema-S5Xdt1tV.js:232
Finding: File appears to expose a hardcoded API secret or token.
Evidence: clientSecret: [REDACTED],

critical

suspicious.exposed_secret_literal

Location: dist/gateway-C5NbXHnt.js:3156
Finding: File appears to expose a hardcoded API secret or token.
Evidence: const authorization = [REDACTED]({

critical

suspicious.exposed_secret_literal

Location: dist/runtime-Dcl6gcEg.js:1751
Finding: File appears to expose a hardcoded API secret or token.
Evidence: clientSecret: [REDACTED]