Hardening · secrets · tokens
Prevent token leaks
Most real-world Moltbot incidents boil down to leaked credentials: bot tokens, OAuth tokens, API keys, or gateway tokens.
Rules
- Never paste secrets into chat. Treat chat as untrusted input.
- Use least privilege. Reduce blast radius of mistakes.
- Rotate after exposure. If you think a token might be leaked, assume it is.
Fast checklist
1. Keep tokens out of screenshots and public repos. Avoid committing configs or pasting logs into public issues.
2. Separate environments. Test tokens in a throwaway environment first.
3. Audit for accidental exposure. Search shell history, backups, and logs before you relax.
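One way to run the audit in step 3, as an added example (not Moltbot's own tooling). The key-name patterns, the 16-character minimum and the entropy threshold are assumptions, since the page does not give Moltbot's token formats; the sample history is constructed and its token is fake.

```python
import math
import re
from pathlib import Path

# Assumed, generic patterns: a secret-looking key name followed by a value,
# or an HTTP bearer header. Moltbot's real token formats are not on the page.
CANDIDATE = re.compile(
    r"(?i)(?:\b[\w-]*(?:token|secret|api[_-]?key|password)[\w-]*\s*[=:]\s*|bearer\s+)"
    r"[\"']?([A-Za-z0-9_\-./+=]{16,})"
)

def entropy(s):
    """Shannon entropy in bits per character; random tokens score high."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def redact(value):
    """Keep only the first 4 characters so the report is not itself a leak."""
    return value[:4] + "*" * 8

def scan_text(text, source="<text>", min_entropy=3.0):
    """Return (source, line_no, redacted_value) for each likely secret."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            value = m.group(1)
            if entropy(value) >= min_entropy:  # skips placeholders like aaaa...
                hits.append((source, no, redact(value)))
    return hits

def scan_paths(paths):
    """Scan files that exist, e.g. shell history, logs, unpacked backups."""
    hits = []
    for p in map(Path, paths):
        if p.is_file():
            hits += scan_text(p.read_text(errors="replace"), str(p))
    return hits

# Constructed sample resembling a shell history file; the token is fake.
SAMPLE = """\
cd ~/bot && ls
export BOT_TOKEN=q7Xf2LmP9zRt4VbN8cKd1HsW
curl -H "Authorization: Bearer aaaaaaaaaaaaaaaaaaaaaaaa" https://example.invalid
export API_KEY=changeme
"""

if __name__ == "__main__":
    print(scan_text(SAMPLE, "sample_history"))
    print(scan_paths([Path.home() / ".bash_history", Path.home() / ".zsh_history"]))
```

Any hit means the token sat in plaintext on disk, so the rotation rule above applies to it.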