⚠️ You might be exposing a secret token, is this intended?

#9
by token-scanner - opened

Please check Space app file as you might be exposing a secret token.
We recommend you to use Repository secrets (env variables) in your Space settings. Afterwards, you can use it like:

import os
SECRET_TOKEN = os.getenv("SECRET_TOKEN")

Read more here. Once this is fixed, we strongly advise you to invalidate or delete your secret so that no one else can use it. In case of a Hugging Face token, you can do this in your settings.

What effects does exposing a secret token have to users of the space?

Sign up or log in to comment