Remove hardcoded API key from playground/test.py (CWE-798) #70
Open
sebastiondev wants to merge 1 commit into BAI-LAB:main from
The file memoryos-playground/test.py contained a hardcoded OpenAI API key (sk-7VaFJu...) that was committed to source control. This is a credential leak — anyone with repository access could extract and abuse the key. Replace the hardcoded value with an empty string placeholder, consistent with the pattern used in memoryos-pypi/test.py and memoryos-mcp/memoryos/test.py which already use empty placeholders. The key owner should rotate the exposed credential immediately.
Summary
memoryos-playground/test.py contains a hardcoded API key for the OpenAI-compatible proxy at cn2us02.opapi.win. Because this repository is public, the key is exposed to anyone who clones, forks, or browses the repo — including automated secret-scanning bots, which typically discover and abuse such keys within minutes of being committed.
memoryos-playground/test.py, line 8

The vulnerability
The literal sk-... value is a real-looking credential committed in plaintext. Any visitor to the public repo can copy it and issue requests against the configured proxy on the project owner's behalf, incurring usage costs and potentially exhausting quota for legitimate use.

The fix
Replace the hardcoded literal with an empty string while keeping the existing # Replace with your key comment so the example still reads naturally:

The diff is two lines (the second hunk is just a trailing-newline normalization). No behavior change for users who were already expected to supply their own key.

Testing
python -m py_compile memoryos-playground/test.py — passes.
API_KEY, the OpenAI client will raise an authentication error at call time, which matches the existing "Replace with your key" expectation. Users who follow the comment and paste in their own key will get identical behavior to before.

Security analysis
The exposure has no preconditions beyond "the repo is public." Automated GitHub key scanners routinely find and exploit keys matching the sk- prefix pattern, so the practical exploitability is essentially immediate. Removing the literal from HEAD stops the bleeding for new clones, forks, and code-search hits.

Important operational note for maintainers: the key remains in git history (it was introduced in an earlier commit). To fully mitigate, please rotate / revoke the key at the proxy provider in addition to merging this PR. History rewrite is optional but the rotation is essential — a code-only change cannot remove the secret from prior commits.

Adversarial review
Before submitting, we tried to disprove this finding: we considered whether the key might be a deliberately-published demo credential, a test fixture for a sandbox endpoint, or already-revoked. None of those hold up — the file is a real usage example pointing at a paid third-party proxy (opapi.win), there is no README note marking the key as shared/demo, and the comment # Replace with your key makes clear the author considered it a placeholder rather than a public sample. Whether the key is currently live or already abused doesn't change the correctness of removing it from source.

cc @lewiswigmore
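
An added example, not part of this pull request or the project's code: a small check that flags sk- style literals bound to a variable or passed as a keyword argument in Python source, which is the pattern this PR removes. The key-shape regex, the function names and the sample lines are assumptions constructed for illustration.

```python
import ast
import re
import sys

# Assumed key shape: "sk-" followed by at least 16 URL-safe characters.
KEY_RE = re.compile(r"sk-[A-Za-z0-9_-]{16,}")

# Constructed sample lines mirroring the before/after state described in the PR.
SAMPLE_BEFORE = 'API_KEY = "sk-CONSTRUCTED0000000000000000"  # Replace with your key\n'
SAMPLE_AFTER = 'API_KEY = ""  # Replace with your key\n'


def find_hardcoded_keys(source):
    """Return sorted (line, name) pairs for key-shaped string literals.

    Covers plain assignments (API_KEY = "sk-...") and keyword arguments
    (api_key="sk-..."); empty placeholders are not reported.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            name = ", ".join(ast.unparse(t) for t in node.targets)
        elif isinstance(node, ast.keyword):
            name = f"{node.arg or '**'}="
        else:
            continue
        value = node.value
        if (isinstance(value, ast.Constant) and isinstance(value.value, str)
                and KEY_RE.fullmatch(value.value)):
            findings.append((value.lineno, name))
    return sorted(findings)


def scan_files(paths):
    """Scan each path and return the number of findings (0 means clean)."""
    total = 0
    for path in paths:
        with open(path, encoding="utf-8") as handle:
            for line, name in find_hardcoded_keys(handle.read()):
                print(f"{path}:{line}: key-shaped literal bound to {name}")
                total += 1
    return total


if __name__ == "__main__":
    # Non-zero exit lets a pre-commit hook or CI job block the commit.
    sys.exit(1 if scan_files(sys.argv[1:]) else 0)
```

A clean result only covers the files scanned; as the PR notes, a key present in earlier commits stays in git history and still needs rotation.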