Skip to main content

Pre-Public-Release Security Audit

Date: 2026-02-08 Status: Pending remediation

Summary

SeverityCount
CRITICAL5
HIGH10
MEDIUM14
LOW6
Git history: Clean — no real secrets were ever committed. No git filter-branch / BFG cleanup needed.

What’s Already Good

  • .env is properly gitignored and was never committed
  • detect-secrets pre-commit hook configured with baseline
  • CI runs secret scanning via detect-secrets
  • Config redaction module (src/config/redact.ts) sanitizes output
  • Docker Compose uses ${VAR:-} env var references, no hardcoded secrets
  • SOUL.md, USER.md, MEMORY.md, TOOLS.md are NOT tracked
  • .001_ORIGINAL/ is properly gitignored
  • Dockerfile uses explicit COPY (not COPY . .)
  • Log redaction implemented and tested

CRITICAL Findings

C1. Partial ElevenLabs API key in tracked docs

  • File: docs/ongoing-projects/active-deploy_session01-14.md:464
  • Content: "apiKey": "sk_89c36ce3..."
  • Risk: Even truncated, this narrows brute-force space.
  • Action: Replace with "apiKey": "<redacted>". Rotate the ElevenLabs key.

C2. Real phone numbers in tracked docs

  • Files: docs/ongoing-projects/active-deploy.md:140, docs/ongoing-projects/voice-call-upstream-sync.md:373-374
  • Content: +972525936481 (personal Israeli mobile), +18164514915 (Twilio from number)
  • Action: Replace with placeholder E.164 numbers like +15550001234.

C3. Hardcoded personal Telegram user ID in source

  • Files: src/gateway/server-close.ts:13, src/gateway/server.impl.ts:475
  • Content: const RESTART_NOTIFY_USER_ID = "1415494277";
  • Risk: Anyone running the code notifies YOUR Telegram account on restart.
  • Action: Move to config/env var (e.g. CROCBOT_ADMIN_USER_ID).

C4. Real person name + phone number in test fixtures

  • Files: src/auto-reply/reply.raw-body.test.ts:52,157,208, src/auto-reply/reply/session.test.ts:117
  • Content: Jake McInteer + +6421807830
  • Risk: PII combination — real name linked to real phone number.
  • Action: Replace with John Doe + +15550001234.

C5. Additional real phone number in e2e test

  • File: src/gateway/server.agent.gateway-server-agent-a.e2e.test.ts:173
  • Content: +436769770569
  • Action: Replace with placeholder number.

HIGH Findings

H1. docs/ongoing-projects/ contains extensive PII

  • Files: 10 tracked files in docs/ongoing-projects/
  • Content: Home directory paths (/home/aiwithapex/...), ngrok domain (krox.ngrok.io), Telegram bot username (@KroxTheBot), Slack workspace IDs (T07M2GRLGC9, user U0AD8P1B63D), email (krox@aiwithapex.com), hostname (host=krox), ElevenLabs voice ID, real city name (Modiin Ilit).
  • Action: Either gitignore docs/ongoing-projects/ or scrub all PII.

H2. Hardcoded user paths in tracked skills

  • Files: skills/self-repair/SKILL.md:17-18,29,62, skills/nano-banana-pro/SKILL.md:12,16,21
  • Content: /home/aiwithapex/projects/crocbot, /home/aiwithapex/croc, /home/aiwithapex/.local/bin/claude
  • Action: Replace with relative paths or template variables.

H3. AGENTS.md instructs agents to read .env for credentials

  • File: AGENTS.md:10 (symlinked as CLAUDE.md and GEMINI.md)
  • Content: “Read .env in this repo — it contains credentials”
  • Action: Reword to “Copy .env.example to .env and fill in your own keys.”

H4. .github/FUNDING.yml sponsors upstream author

  • File: .github/FUNDING.yml:1
  • Content: custom: ['https://github.com/sponsors/steipete']
  • Action: Update or remove.

H5. .env.example is incomplete

  • Missing: OPENAI_API_KEY, BRAVE_API_KEY, NGROK_AUTHTOKEN, NGROK_DOMAIN, GOG_*
  • Action: Add all env vars with placeholder values.

H6. Real Tailscale hostname in test fixtures

  • Files: src/commands/gateway-status.test.ts:205,210,227, src/infra/ssh-config.test.ts:22,54, src/infra/widearea-dns.test.ts:36,41
  • Content: peters-mac-studio-1.sheep-coho.ts.net
  • Action: Replace with my-host.example-tailnet.ts.net.

H7. Personal email in security policy

  • File: docs/reference/security-policy.md:13
  • Content: steipete@gmail.com
  • Action: Use a project-specific email or GitHub security advisories.

H8. Personal email of contributor

  • File: docs/start/index.md:210
  • Content: nacho.iacovino@gmail.com
  • Action: Remove; GitHub handle @nachoiacovino is sufficient.

H9. Real ngrok domain in docs

  • Files: docs/ongoing-projects/voice-call-upstream-sync.md:376-377, docs/ongoing-projects/active-deploy.md:134,137
  • Content: krox.ngrok.io, webhook URL https://krox.ngrok.io/voice/webhook
  • Action: Replace with your-domain.ngrok.io.

H10. Real Telegram bot username and user ID in docs

  • Files: docs/ongoing-projects/active-deploy.md:13, docs/ongoing-projects/active-deploy_session01-14.md:108,173,206
  • Content: @KroxTheBot, "allowFrom": ["1415494277"]
  • Action: Replace with @YourBotName and YOUR_TELEGRAM_USER_ID.

MEDIUM Findings

M1. .gitignore gaps

  • Missing patterns: .env.* (only .env covered), *.pem, *.key, *.p12, credentials/, secrets/, *.log, .idea/, Thumbs.db
  • Action: Add missing patterns.

M2. GitHub App ID from upstream in workflows

  • Files: .github/workflows/labeler.yml:18, .github/workflows/auto-response.yml:18
  • Content: app-id: "2729701" (from upstream project)
  • Action: Update to your own GitHub App or switch to GITHUB_TOKEN.

M3. LICENSE credits only upstream author

  • File: LICENSE
  • Content: Copyright (c) 2025 Peter Steinberger
  • Action: Add Copyright (c) 2025-2026 [Your Name] above the original.

M4. .spec_system/ directory tracked (289 files)

  • Risk: Internal development session state, not useful to external contributors.
  • Action: Consider adding to .gitignore.

M5. Legacy upstream identifier in source

  • File: src/daemon/constants.ts:13
  • Content: com.steipete.crocbot.gateway
  • Action: Review if this constant is still needed; update domain if so.

M6. Invalid security email in docs

  • File: docs/gateway/security/index.md:694
  • Content: security@github.com/moshehbenavraham/crocbot (malformed)
  • Action: Fix to a real security contact email.

M7. Upstream test fixture paths and usernames

  • Files: Multiple test files
  • Content: /Users/steipete/.crocbot/, /Users/tyleryust/Library/Messages/, process.env.USER = "steipete", Peter-Mac-Studio, SenderName: "Peter Steinberger"
  • Action: Replace with generic test paths/names.

M8. Real WhatsApp group JID in docs and tests

  • Files: docs/concepts/channel-routing.md:60, docs/gateway/configuration.md:260, src/config/config.broadcast.test.ts:13,32
  • Content: 120363403215116621@g.us
  • Action: Replace with 123456789@g.us.

M9. crocbot@gmail.com in docs and tests

  • Files: docs/automation/gmail-pubsub.md (multiple lines), docs/gateway/configuration.md:2554, src/hooks/gmail.test.ts
  • Risk: May be a real Gmail address.
  • Action: Replace with you@gmail.com or example@gmail.com if not owned.

M10. Qwen OAuth client ID hardcoded

  • File: src/providers/qwen-portal-oauth.ts:6
  • Content: QWEN_OAUTH_CLIENT_ID = "f0304373b74a44d2b584a3fb70ca9e56"
  • Action: Consider moving to env var.

M11. .env not in .dockerignore

  • File: .dockerignore
  • Risk: Defense-in-depth; if Dockerfile ever uses COPY . ., secrets would leak.
  • Action: Add .env and .env.* (except .env.example) to .dockerignore.

M12. Deployment hostname in docs

  • File: docs/ongoing-projects/agent-system-technical.md:326
  • Content: host=krox
  • Action: Replace with host=example-host.

M13. Neon.tech connection string in extension docs

  • File: extensions/open-prose/skills/prose/state/postgres.md:198
  • Content: postgresql://user:pass@ep-name.us-east-2.aws.neon.tech/neondb
  • Action: Make endpoint more obviously fake: ep-example-123.

M14. Private IP that looks deployment-specific

  • File: docs/gateway/remote-gateway-readme.md:40
  • Content: 172.27.187.184
  • Action: Replace with RFC 5737 TEST-NET address like 192.0.2.1.

LOW Findings

L1. moshehbenavraham username throughout

Expected — this is the repo owner’s GitHub handle. URLs like github.com/moshehbenavraham/crocbot are intentional. No action needed.

L2. Test fixtures with fake secrets

src/config/redact.test.ts has sk-secret-key-123, super-secret-password, etc. Clearly fake. No action needed.

L3. Old Twilio sandbox number in git history

+17343367101 in a deleted .env.example. Low risk (no auth token). No action needed.

L4. ElevenLabs voice IDs in docs

Not secrets (public identifiers). No action needed.

L5. aiwithapex.mintlify.app docs URL in README

Reveals docs subdomain. Informational only.

L6. Self-signed test TLS cert+key in test file

  • File: src/gateway/client.test.ts:83-129
  • Test-only, localhost, expired 2026-01-21. Scanners will flag it but no real risk. No action needed.
#ActionFiles Affected
1Scrub or gitignore docs/ongoing-projects/ (covers C1, C2, H1, H9, H10)10 files
2Replace real names + phones in test fixtures (C4, C5)3 test files
3Move hardcoded Telegram user ID to config (C3)2 source files
4Replace hardcoded paths in skills (H2)2 skill files
5Reword AGENTS.md .env instruction (H3)AGENTS.md
6Replace Tailscale hostname in tests (H6)3 test files
7Fix security policy + contributor emails (H7, H8)2 doc files
8Update .gitignore with missing patterns (M1).gitignore
9Update .env.example completeness (H5).env.example
10Add .env to .dockerignore (M11).dockerignore
11Fix FUNDING.yml, LICENSE, workflow app-ids (H4, M2, M3)4 files
12Replace upstream PII in test fixtures (M7)Multiple test files
13Fix WhatsApp JID, gmail, security email (M8, M9, M6)Multiple files
14Consider gitignoring .spec_system/ (M4).spec_system/