credential-scanner

clawhub:credential-scanner

View source

84/100

First Seen

Feb 19, 2026

Last Scanned

Feb 22, 2026

Findings

Score

84/100

MEDIUM 2

Findings (2)

MEDIUM

Benign heading "'@openai/agents:*'\n;\n// Verbose logging\n..." followed by dangerous content (category: credential_access) NLP_HEADING_MISMATCH

prompt-injection L1

Benign heading "'@openai/agents:*'\n;\n// Verbose logging\n..." followed by dangerous content (category: credential_access)

Detect 40+ secret patterns including:AWS Access Keys, Secret Keys, Session TokensAzure Storage Keys, Connection Strings, SAS TokensGCP Service Account Keys, API KeysGitHub / GitLab / Bitbucket Persona...

FIX

Ensure section headings accurately reflect the content that follows. Remove headings that could mislead an LLM into treating content differently than intended.

FP?

Likely FP if the heading mismatch is due to inconsistent markdown formatting or a benign section title that happens to contain keywords like system or config.

MEDIUM

Benign heading "'@openai/agents:*'\n;\n// Verbose logging\n..." followed by dangerous content (category: credential_access) NLP_HEADING_MISMATCH

prompt-injection L161

Benign heading "'@openai/agents:*'\n;\n// Verbose logging\n..." followed by dangerous content (category: credential_access)

#security #secrets #credentials #api-keys #tokens #passwords #scanner #audit #pre-commit #leak-detection #cloud #aws #azure #gcp #devops

FIX

Ensure section headings accurately reflect the content that follows. Remove headings that could mislead an LLM into treating content differently than intended.

FP?

Likely FP if the heading mismatch is due to inconsistent markdown formatting or a benign section title that happens to contain keywords like system or config.