File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- dist/src/types.js:31
- Evidence
apiKey: [REDACTED](cfg.apiKey),
Security audit
Security checks across malware telemetry and agentic risk
This is a real Opik tracing plugin, but it can export full conversation/tool data and upload referenced local media files with insufficient user-facing controls or warnings.
Install only if you are comfortable sending OpenClaw prompts, responses, tool inputs/outputs, errors, identifiers, and possible referenced media files to your configured Opik backend. Avoid using it on sensitive or regulated conversations unless you have reviewed Opik retention/access controls and can contain what data appears in prompts, tool results, and local media links.
62/62 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal
apiKey: [REDACTED](cfg.apiKey),
apiKey: [REDACTED](cfg.apiKey),