Hi —
Automated security scan flagged what appears to be a hardcoded Mailchimp API key committed to your public repo. I'm not posting the key here for responsible-disclosure reasons.
Please contact me at Raffa@Lictor-AI.com and I'll send the exact file/line + redacted excerpt.
The fix is two steps:
- Rotate the Mailchimp key NOW (their dashboard → API keys → revoke + create new)
git filter-repo to scrub the old key from repo history
- Move the new key to an env var / secrets manager, NEVER commit it
A note: this came from an automated scan I manually verified before reaching out. If we're wrong (test/sandbox key, already-rotated), reply and we'll close out. No blame intended.
Want this scan for your own projects? https://lictorai.com/scan
— Raffa
Lictor AI · https://lictorai.com
Hi —
Automated security scan flagged what appears to be a hardcoded Mailchimp API key committed to your public repo. I'm not posting the key here for responsible-disclosure reasons.
Please contact me at Raffa@Lictor-AI.com and I'll send the exact file/line + redacted excerpt.
The fix is two steps:
git filter-repoto scrub the old key from repo historyA note: this came from an automated scan I manually verified before reaching out. If we're wrong (test/sandbox key, already-rotated), reply and we'll close out. No blame intended.
Want this scan for your own projects? https://lictorai.com/scan
— Raffa
Lictor AI · https://lictorai.com