File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- src/channel.ts:296
- Evidence
password: [REDACTED],
Security audit
Security checks across malware telemetry and agentic risk
The artifacts describe a coherent Odoo connector, but it will act with your Odoo credentials, can automatically post or update configured Odoo records, and persists queued messages locally.
Before installing, treat this as a business-system integration with real Odoo authority: use a dedicated least-privilege Odoo API user, keep the webhook secret strong and private, restrict routes to safe methods, make custom methods idempotent, and secure the OpenClaw state directory and telemetry backend.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.exposed_secret_literal
password: [REDACTED],
password: [REDACTED],
password: [REDACTED],
password: [REDACTED],