File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- dist/auth.js:153
- Evidence
access_token: [REDACTED],
Security audit
Security checks across malware telemetry and agentic risk
This plugin clearly gives OpenClaw controlled access to the user's own eBay seller account, including sensitive order data and seller actions, with live-listing changes gated by default.
Install only if you intend to let OpenClaw operate your eBay seller account. Keep autoApprove off unless you deliberately want unattended live-listing actions, protect the local credentials and token files, and remember that order reads may show buyer personal information while soft writes execute immediately.
61/61 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal
access_token: [REDACTED],