critical
suspicious.exposed_secret_literal
- Location
- README.md:566
- Finding
- File appears to expose a hardcoded API secret or token.
Praesidia
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.exposed_secret_literal
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI03: Identity and Privilege AbuseWhat this means
Anyone installing the skill needs to provide a Praesidia credential that may allow reading agent and guardrail data or performing permitted account actions.
Why it was flagged
The skill requires a Praesidia API key, which can authenticate API calls to the user's Praesidia account.
Skill content
metadata: {"openclaw":{"requires":{"env":["PRAESIDIA_API_KEY"]},"primaryEnv":"PRAESIDIA_API_KEY"}}Recommendation
Use a least-privilege Praesidia key if available, keep it out of shared logs or prompts, and revoke it if the skill is no longer needed.
NoteHigh Confidence
ASI02: Tool Misuse and ExploitationWhat this means
If invoked, the assistant can make persistent changes to guardrail settings in the user's Praesidia organization.
Why it was flagged
The skill documents a mutating API call that creates or enables guardrails for an agent.
Skill content
POST ${PRAESIDIA_API_URL}/organizations/{orgId}/guardrails ... "agentId": "agent-id", "template": "PII_DETECTION", ... "isEnabled": trueRecommendation
Before allowing a guardrail change, confirm the organization, agent ID, template, scope, action, and whether the change should be enabled immediately.
NoteHigh Confidence
ASI07: Insecure Inter-Agent CommunicationWhat this means
Text submitted for guardrail validation may contain sensitive or private information and will be sent to the configured provider endpoint.
Why it was flagged
The validation workflow sends user-provided content to the configured Praesidia API endpoint.
Skill content
POST ${PRAESIDIA_API_URL}/organizations/{orgId}/guardrails/validate ... { "content": "Text to validate", "agentId": "agent-id", "scope": "INPUT" }Recommendation
Only validate content that the user intends to send to Praesidia, and use a trusted HTTPS API URL for production.
NoteMedium Confidence
ASI09: Human-Agent Trust ExploitationWhat this means
Users could over-rely on a score or verification result as a guarantee of safety.
Why it was flagged
The guidance may encourage strong trust conclusions from a trust score and verification status.
Skill content
Recommendation: This agent is fully verified and safe for production use.
Recommendation
Treat Praesidia trust scores as one input to a security decision, not as a complete guarantee that an agent is safe for every use case.