Environment variable access combined with network send.
- Code
- suspicious.env_credential_access
- Location
- packages/shared/model-gateway/index.js:268
- Evidence
if (_testMode && process.env.NODE_ENV !== 'test') {
Security audit
Security checks across malware telemetry and agentic risk
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
Install only if you are comfortable connecting your own model API key and any chosen chat-channel accounts. Use dedicated credentials, avoid entering unnecessary personal or highly sensitive NGO data, and review OpenClaw's audit-log storage and deletion controls before using it for real cases. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.env_credential_access
if (_testMode && process.env.NODE_ENV !== 'test') {