File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- dist/store.js:9
- Evidence
this.authToken = [REDACTED]?.trim() ?? "";
Security audit
Security checks across malware telemetry and agentic risk
This skill appears to do what it claims: it uses a Sentry auth token to provide read-only Sentry organization, project, and issue triage tools.
Before installing, make sure you are comfortable giving OpenClaw a Sentry token, because the agent will be able to read Sentry organization, project, and issue information available to that token. Use the narrow scopes recommended by the plugin, such as org:read and event:read, and verify that baseUrl is either https://sentry.io or your trusted self-hosted Sentry instance.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.exposed_secret_literal
this.authToken = [REDACTED]?.trim() ?? "";
this.authToken = [REDACTED]?.trim() ?? "";