Spaces:

mlabonne
/

llm-auto-eval

Sleeping

⚠️ You might be exposing a secret token, is this intended?

by token-scanner - opened Jan 20

Jan 20

Please check Space app file as you might be exposing a secret token.
We recommend you to use Repository secrets (env variables) in your Space settings. Afterwards, you can use it like:

import os
SECRET_TOKEN = os.getenv("SECRET_TOKEN")

Read more here. Once this is fixed, we strongly advise you to invalidate or delete your secret so that no one else can use it. In case of a Hugging Face token, you can do this in your settings.

mlabonne

Owner Jan 20

It's fine, good bot

mlabonne changed discussion status to closed Jan 20

gblazex

Jan 20

•

edited Jan 20

i think it's sensitive to ALL strings starting with 'hf_'

I had this problem when grabbing all models via HfApi and wanted to upload it as dataset.
Some models were named 'hf_something...' and it thought I exposed private access tokens.

mlabonne

Owner Jan 21

Haha good to know thanks!

Upload images, audio, and videos by dragging in the text input, pasting, or clicking here.

Tap or paste here to upload images

· Sign up or log in to comment