⚠️ You might be exposing a secret token, is this intended?

#2
by token-scanner - opened

Please check Space app file as you might be exposing a secret token.
We recommend you to use Repository secrets (env variables) in your Space settings. Afterwards, you can use it like:

import os
SECRET_TOKEN = os.getenv("SECRET_TOKEN")

Read more here. Once this is fixed, we strongly advise you to invalidate or delete your secret so that no one else can use it. In case of a Hugging Face token, you can do this in your settings.

It's fine, good bot

mlabonne changed discussion status to closed

i think it's sensitive to ALL strings starting with 'hf_'

I had this problem when grabbing all models via HfApi and wanted to upload it as dataset.
Some models were named 'hf_something...' and it thought I exposed private access tokens.

Haha good to know thanks!

Sign up or log in to comment