eth-educators / ethstaker-deposit-cli

Secure key generation for deposits
https://eth-educators.github.io/ethstaker-deposit-cli/
Creative Commons Zero v1.0 Universal

Clipboard or terminal scrollback mnemonic vulnerability #32

Open valefar-on-discord opened 2 months ago

valefar-on-discord commented 2 months ago

Forward from

The 2020 Audit of staking-deposit-cli mentioned a task to properly clear the terminal buffer and clipboard to prevent the possibility of leaking the mnemonic. This was investigated by Carl and he has concerns around cross-platform solutions.

Ultimately it may not be possible to resolve this for every use case, but it is something that should be investigated, as it is a likely output from any future audit.

remyroy commented 1 month ago

Using one of the flags where you input a mnemonic or a password from the CLI could also be an interesting case, where most CLIs or shells have a feature to store the history of commands in a file somewhere. I'm not sure we can do a lot besides just warning about it.
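The two leak paths discussed in this thread (a secret passed as a CLI flag that lands in shell history, and a mnemonic left in the terminal scrollback after it is displayed) with the best-effort mitigations available to a Python CLI, as an added illustration that is not ethstaker-deposit-cli code; the flag names in SECRET_FLAGS are assumed and may differ from the project's real option names.

```python
"""Best-effort mitigations for secrets on the command line and in
terminal scrollback.  Illustration only, not ethstaker-deposit-cli code."""
import getpass
import os
import sys

# Assumed flag names; the real CLI's option names may differ.
SECRET_FLAGS = ("--mnemonic", "--mnemonic_password", "--keystore_password")


def secret_flags_in_argv(argv):
    """Return the secret-carrying flags present in argv, given either as
    '--flag value' or '--flag=value'.  Anything found here has very likely
    already been written to the shell's history file, so the only remaining
    mitigation is to warn the user, as the comment above suggests."""
    return [arg.split("=", 1)[0] for arg in argv[1:]
            if arg.split("=", 1)[0] in SECRET_FLAGS]


def clear_terminal_sequence():
    """ANSI sequence that clears the visible screen (2J), erases the
    scrollback buffer on xterm-compatible terminals (3J) and homes the
    cursor (H).  Not every terminal honours 3J, and a legacy Windows
    console ignores all of it: the cross-platform concern in this issue."""
    return "\x1b[2J\x1b[3J\x1b[H"


def prompt_secret(label):
    """Read a secret without echo, so it reaches neither the screen nor
    the shell history (the alternative to passing it as a flag)."""
    return getpass.getpass(f"{label}: ")


def show_then_clear(secret, out=sys.stdout):
    """Display a secret, wait for acknowledgement, then try to wipe it from
    screen and scrollback.  This cannot reach a clipboard the user filled
    by hand, nor a terminal emulator that logs its session to disk."""
    out.write(secret + "\n")
    out.flush()
    input("Press Enter once you have written the mnemonic down... ")
    if os.name == "nt":
        os.system("cls")  # legacy console: clears the screen only
    out.write(clear_terminal_sequence())
    out.flush()


if __name__ == "__main__":
    leaked = secret_flags_in_argv(sys.argv)
    if leaked:
        print(f"warning: {', '.join(leaked)} given on the command line; "
              "it may be stored in your shell history", file=sys.stderr)
```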

remyroy commented 1 month ago

My last comment is probably more related to #33