Back to plugin

Security audit

Agent Identity

Security checks across malware telemetry and agentic risk

Overview

This plugin is purpose-aligned for identity and credential management, but it should be reviewed because degraded mode can skip auth checks while credential injection may still run.

Review this before installing in any shared or production agent. Confirm degraded mode fails closed, restrict or disable the local identity server, use least-privileged credentials, and inspect the static secret findings before trusting it with real account tokens.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_resource_identifier, suspicious.exposed_secret_literal (+1 more)

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/src/services/identity-credentials.js:93
Evidence
let ak = opts.accessKeyId ?? process.env[ENV_AK] ?? "";

Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.

Critical
Code
suspicious.exposed_resource_identifier
Location
dist/src/services/identity-client.d.ts:32
Evidence
* Plain-text region id from this URL (e.g. http://100.96.0.96/latest/region_id).

Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.

Critical
Code
suspicious.exposed_resource_identifier
Location
dist/src/types.d.ts:22
Evidence
* Plain-text region id metadata URL (e.g. http://100.96.0.96/latest/region_id).

Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.

Critical
Code
suspicious.exposed_resource_identifier
Location
openclaw.plugin.json:20
Evidence
"description": "GET this URL for plain-text region id (e.g. http://100.96.0.96/latest/region_id). When endpoint is unset, builds https://id.{region}.volcenginea...

Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.

Critical
Code
suspicious.exposed_resource_identifier
Location
README-cn.md:110
Evidence
- `regionMetadataUrl`(可选):返回 **纯文本 region id**(如 `cn-beijing`)的 HTTP(S) URL。仅当 **未配置 `endpoint`** 时使用:客户端拼接 `https://id.{region}.volcengineapi.com`。单次请求约 10s 超时...

Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.

Critical
Code
suspicious.exposed_resource_identifier
Location
README.md:110
Evidence
- `regionMetadataUrl` (optional): HTTP(S) URL that returns a **plain-text region id** (e.g. `cn-beijing`). Used only when `endpoint` is **unset**: the client bu...

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/index.js:214
Evidence
clientSecret: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/actions/identity-actions.js:87
Evidence
accessToken: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/risk/diagnose-risk.js:31
Evidence
apiKey: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/routes/oidc-login.js:56
Evidence
clientSecret: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/services/identity-client.js:262
Evidence
accessToken: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/services/oidc-client.js:124
Evidence
const accessToken = [REDACTED];

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/services/session-refresh.js:60
Evidence
clientSecret: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/utils/sts-signer.js:150
Evidence
const authorization = [REDACTED](accessKeyId, credentialScope, signedHeadersStr, signature);

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
openclaw.plugin.json:20
Evidence
"description": "GET this URL for plain-text region id (e.g. http://100.96.0.96/latest/region_id). When endpoint is unset, builds https://id.{region}.volcenginea...