OpenClaw RPA

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a plausible RPA automation skill, but it needs careful review because it stores/reuses login cookies and API keys, can replay broad browser/API actions, and weakens TLS/browser safety defaults.

Install only if you understand and accept the credential and automation risks. Before replaying tasks, inspect the generated Python, avoid storing real secrets in scripts, protect or delete saved cookie files, keep TLS verification and browser sandboxing enabled where possible, and require manual confirmation for purchases, POST requests, or other account-changing actions.

Static analysis

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.

Insecure TLS verification

Warn
Finding
HTTPS certificate verification is disabled.

Insecure TLS verification

Warn
Finding
HTTPS certificate verification is disabled.

Obfuscated code

Warn
Finding
Potential obfuscated payload detected.

VirusTotal

1/46 vendors flagged this skill as malicious, and 45/46 flagged it as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A generated RPA script may contain live API keys and can keep using those keys outside the original chat session.

Why it was flagged

The skill documents writing real API secrets into persistent generated Python scripts, increasing the chance of key leakage through files, backups, sharing, or git commits.

Skill content

When the code generator detects an `env` field, it writes the real key **directly into the generated script**; on replay **no `export` is needed**, and the script can be run as-is.

Recommendation

Prefer environment variables or a secret manager, use least-privilege API keys, never commit generated scripts containing secrets, and rotate keys after testing.

What this means

Anyone or any script with access to those cookie files may be able to act as the logged-in user without re-entering a password, OTP, CAPTCHA, or QR login.

Why it was flagged

The skill persists authenticated session cookies on disk and automatically reuses them for future recordings and replays.

Skill content

`#rpa-login-done` → automatically exports cookies and saves them to `~/.openclaw/rpa/sessions/passport.ctrip.com/cookies.json` ... cookies are automatically injected during recording/replay

Recommendation

Use this only with accounts you are allowed to automate, protect the session directory with strict file permissions, avoid sensitive accounts, and delete or refresh saved cookies when no longer needed.

What this means

A replayed script could submit forms, modify third-party data, trigger purchases, or call authenticated APIs exactly as recorded.

Why it was flagged

The skill exposes broad raw API mutation capability and direct replay of saved automations without artifact-shown per-run approval for high-impact actions.

Skill content

**HTTP API** | `GET` / `POST` any REST endpoint ... `#rpa-run:{task name}` ... run one directly

Recommendation

Inspect generated scripts before replay, separate read-only from write actions, require manual confirmation for POST/submit/checkout steps, and use test accounts where possible.

What this means

Network attackers or misconfigured proxies could intercept or alter API responses, and API keys sent through those requests may be exposed.

Why it was flagged

HTTPS certificate verification is disabled for an HTTP client in code associated with the recorder/API flow.

Skill content

`async with httpx.AsyncClient(timeout=_t, verify=False) as hc:`

Recommendation

Enable TLS verification by default, remove verify=False, and require an explicit user-controlled opt-out only for local testing.

What this means

This may bypass site automation controls or violate site terms, and no-sandbox increases the local impact of a malicious webpage opened by the automation.

Why it was flagged

Generated scripts hide Playwright automation signals and disable Chromium sandboxing by default.

Skill content

`args=["--no-sandbox", "--disable-blink-features=AutomationControlled"]` ... `Object.defineProperty(navigator, 'webdriver', {get: () => undefined})`

Recommendation

Do not use this on sites that forbid automation, remove stealth settings unless explicitly needed and permitted, and keep Chromium sandboxing enabled for normal desktop use.