Hi π
Automated scan from Lictor flagged a pattern that looks like a Firebase / Google service-account JSON in your public repo. I verified the pattern matches; I did not verify exploitability against your live project.
- What I saw: a JSON block with
"type":"service_account" + private_key_id shape.
- Why it might matter: if real, this key grants full GCP/Firebase project access until manually revoked.
- What to check: the file the scan flagged β reply here (or email Raffa@Lictor-AI.com) and I'll send the exact path + line privately. If it's a sample/test/already-revoked, just say so and I'll close out.
Either way β thank you for the work you do on this repo. π
β Raffa Β· Lictor (open-source, Apache 2.0)
Hi π
Automated scan from Lictor flagged a pattern that looks like a Firebase / Google service-account JSON in your public repo. I verified the pattern matches; I did not verify exploitability against your live project.
"type":"service_account"+private_key_idshape.Either way β thank you for the work you do on this repo. π
β Raffa Β· Lictor (open-source, Apache 2.0)