Security findings from ClawGuard static analysis

[ClawSafe]

Hi, I ran a ClawGuard security scan on this repository and found 8 issues (3 critical, 5 high).

Summary:

• Critical: 3 (credential harvesting, destructive shell patterns)
• High: 5 (dangerous exec patterns, debug env exposure)

I can share a detailed PDF report with exact file paths, line numbers, and remediation suggestions, just let me know.

Free scanner: https://github.com/hesoyam2221/clawguard
Full report sample: https://clawsafe.github.io

[ClawSafe]

Concrete finding from the scan:

Supply-chain risk in build
File: Dockerfile, Line 16
Pattern: curl -fsSLk (with -k disabling certificate verification) to download Node.js binary, no checksum or signature verification
Risk: The -k flag disables TLS certificate validation during download. Combined with no checksum verification, a MITM attacker could substitute a modified binary during build.

Remaining findings were documentation references and internal process management — excluded as non-actionable.

Scanner: https://github.com/hesoyam2221/clawguard (MIT licensed)