Hacker News

strangescript today at 3:54 AM

If you read the PR, the bad issues are in a few extensions, not the bot itself. The unencrypted OAuth token isn't really a big deal. It should be fixed but it's a "if this box is compromised" type thing. Given the nature of clawdbot, you are probably throwing it on a random computer/VPS you don't really care about (I hope) without access to anything critical.


Replies

xtagon today at 4:21 AM

You're talking about if a box is compromised, but to clarify, this is hard coded into the source in the repo, not an end-user's credentials (and it's a `client_id` and `client_secret`, not a token): https://github.com/clawdbot/clawdbot/blob/7187c3d06765c9d3a7...

cmorgan31 today at 3:58 AM

You know, as the rest of us do, that someone has already thrown it loose in the same place where they store their banking information. Oh well, lessons will be learned about containers.

lmeyerov today at 5:09 AM

They're 100% advocating to use it to do things, such as with all your accounts.