File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- dist/index.js:77
- Evidence
apiKey: [REDACTED],
Security audit
Security checks across malware telemetry and agentic risk
This is a disclosed PLaMo model-provider plugin that uses a PLaMo API key to send model requests to the configured provider endpoint.
Install only if you intend OpenClaw to route prompts and responses through Preferred Networks PLaMo. Provide PLAMO_API_KEY through OpenClaw’s normal onboarding or environment flow, and be careful with any custom provider endpoint override because it can change where model traffic is sent.
61/61 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal
apiKey: [REDACTED],
const apiKey = [REDACTED](PROVIDER_ID).apiKey ?? ctx.resolveProviderApiKey(PROVIDER_ID).apiKey;
const apiKey = [REDACTED](model, options);