You're talking about if a box is compromised, but to clarify, this is hard coded into the source in the repo, not an end-user's credentials (and it's a `client_id` and `client_secret`, not a token): https://github.com/clawdbot/clawdbot/blob/7187c3d06765c9d3a7...
Wild. There are 300 open Github issues. One of them is this (also AI generated) security report: https://github.com/clawdbot/clawdbot/issues/1796 claiming findings of hundreds of high-risk issues, including examples of hard coded, unencrypted OAuth credentials.
I don't feel like they owe me a refund in principle, at the end of the day I paid for subscription-free software and they delivered it, and I'm happy to do that exchange. I just don't like the changes and the future direction and that I won't be receiving updates to the one I'm currently using.
Not happy. I recently purchased the whole suite and now not only is it now free (didn't need to purchase it), but it's no longer even what I want. And it doesn't work on iPad until they finish whatever rewrite, when cross-platform + apple pencil niceness was a huge draw.
Sure, it's free -- but it's no longer the same product with the same priorities.