⚠️ You might be exposing a secret token, is this intended?

#3
by token-scanner - opened

Please check the Space app file, as you might be exposing a secret token.
We recommend that you use Repository secrets (env variables) in your Space settings. Afterwards, you can use them like this:

import os
SECRET_TOKEN = os.getenv("SECRET_TOKEN")

Read more here. Once this is fixed, we strongly advise you to invalidate or delete your secret so that no one else can use it. In case of a Hugging Face token, you can do this in your settings.

Owner

It seems that this is another false positive, just like the situation with CodeGemma Space. I'm using an image for the Meta logo, which contains a 40-character alphanumeric string that resembles the format of a Cohere API key. As a result, the system might be alerting us to this similarity. cc: @osanseviero for viz.

Owner

Closing this issue as this is already addressed.

ysharma changed discussion status to closed
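
The false positive described in this thread, shown as an added example that is not part of the discussion and is not the scanner's own code: a rule that matches any 40-character alphanumeric run also fires inside embedded image data. The regexes, the assumption that the logo is embedded as a base64 data URI, and all sample values are constructed for illustration.

```python
import re

# Assumed rule: the thread only says a 40-character alphanumeric string
# resembles a Cohere API key; this regex is a stand-in for the real rule.
TOKEN_RE = re.compile(r"(?<![A-Za-z0-9])[A-Za-z0-9]{40}(?![A-Za-z0-9])")
# Embedded images (assumption: the logo is inlined as a base64 data URI).
DATA_URI_RE = re.compile(r"data:image/[a-z0-9.+-]+;base64,[A-Za-z0-9+/=]+", re.I)

FAKE_RUN = "A1b2C3d4E5" * 4      # constructed 40-char run inside image data
FAKE_KEY = "Zz9" * 13 + "Q"      # constructed 40-char hard-coded credential

# Constructed app file: one inlined logo, one hard-coded key, one env lookup.
SAMPLE_APP = (
    "import os\n"
    'LOGO = "data:image/png;base64,iVBORw0KGgo/' + FAKE_RUN + '+AAAASUVORK5CYII="\n'
    'API_KEY = "' + FAKE_KEY + '"\n'
    'SECRET_TOKEN = os.getenv("SECRET_TOKEN")\n'
)


def find_candidates(text):
    """Return (offset, match, in_image) for every 40-char alphanumeric run."""
    image_spans = [m.span() for m in DATA_URI_RE.finditer(text)]
    results = []
    for m in TOKEN_RE.finditer(text):
        # A base64 payload is bounded by '+', '/' or '=', so a 40-char run
        # between two such characters looks exactly like a standalone token.
        in_image = any(s <= m.start() and m.end() <= e for s, e in image_spans)
        results.append((m.start(), m.group(), in_image))
    return results


def findings(text):
    """Report only candidates that are not inside embedded image data."""
    return [(off, tok) for off, tok, in_image in find_candidates(text) if not in_image]


if __name__ == "__main__":
    for off, tok, in_image in find_candidates(SAMPLE_APP):
        label = "image data (likely false positive)" if in_image else "possible secret"
        print(f"offset {off}: {tok[:6]}... -> {label}")
```

Keeping the `in_image` flag rather than discarding those matches lets a scanner lower their severity instead of silencing them, since a real credential could also sit inside a data URI span.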
