Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- dist/perplexity.js:86
- Evidence
const configPath = process.env.OPENCLAW_CONFIG ?? path.join(os.homedir(), ".openclaw", "openclaw.json");
Security audit
Security checks across malware telemetry and agentic risk
This is a disclosed OpenRouter search plugin that sends user search queries to OpenRouter and uses an OpenRouter API key for that purpose.
Install only if you are comfortable sending search queries, optional location hints, and returned raw OpenRouter payloads through OpenRouter, and if you accept that each tool run may use OpenRouter credits. Avoid entering sensitive prompts unless your OpenRouter account and logging/retention expectations are appropriate for that data.
62/62 vendors flagged this plugin as clean.
Detected: suspicious.env_credential_access
const configPath = process.env.OPENCLAW_CONFIG ?? path.join(os.homedir(), ".openclaw", "openclaw.json");
const configPath = process.env.OPENCLAW_CONFIG ?? path.join(os.homedir(), ".openclaw", "openclaw.json");