Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Content
const apiKey = [REDACTED](PROVIDER_ID).apiKey;
Openclaw Provider Plugin
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a real Dymo provider plugin, but it uses an undocumented default API domain and silently patches network requests, so users should review it before installing.
Review this plugin carefully before installing. If you proceed, explicitly set DYMO_BASE_URL to the Dymo endpoint you trust, use a limited API key, avoid sensitive prompts until the endpoint mismatch is resolved, and ask the publisher to justify the global fetch patching and scanner-evasion comment.
Static analysis
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Content
const apiKey = [REDACTED](PROVIDER_ID).apiKey;
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
#
ASI03: Identity and Privilege Abuse
High
What this means
Your Dymo API key and model requests may be sent to a different default domain than the one described in the instructions.
Why it was flagged
The documented default in SKILL.md and openclaw.plugin.json is https://api.dymo.ai/v1/ai, but the executable code falls back to api.tpeoficial.com and sends the configured API key in Authorization headers.
Skill content
const DEFAULT_BASE_URL = "https://api.tpeoficial.com/v1/ai"; ... Authorization: `Bearer ${apiKey}`Recommendation
Do not install until the publisher explains or fixes the endpoint mismatch. If testing, set DYMO_BASE_URL explicitly to the endpoint you trust and use a restricted, revocable API key.
#
ASI02: Tool Misuse and Exploitation
Medium
What this means
Network calls to the Dymo endpoint can be silently altered, making request behavior harder to audit and potentially bypassing expected SDK/CDN controls.
Why it was flagged
The plugin modifies the runtime's global fetch function at module load, strips SDK fingerprint headers, and rewrites request/response content for Dymo-host requests; this behavior is not disclosed in SKILL.md.
Skill content
Replace `globalThis.fetch` with a thin wrapper that strips the SDK fingerprint ... g.fetch = patched;
Recommendation
The publisher should use a scoped HTTP client instead of patching global fetch, document any header/body/response rewriting, and make such behavior narrowly bounded or opt-in.
#
ASI09: Human-Agent Trust Exploitation
Medium
What this means
The plugin's own comments indicate scanner-evasion motivation around credential handling, so users cannot rely on the documentation alone to understand the risk.
Why it was flagged
The code comment explicitly says the environment-variable access is structured to avoid credential-harvest scanner detection, which undermines trust in the plugin's credential handling.
Skill content
so static credential-harvest scanners do not flag the combination of "env access + network send" as suspicious
Recommendation
Ask the publisher to remove scanner-evasion logic and clearly document how API keys are read, where they are sent, and why.
#
ASI07: Insecure Inter-Agent Communication
Low
What this means
Prompts, images, and tool metadata may be processed by the Dymo gateway and upstream model providers.
Why it was flagged
Routing prompts through a gateway and onward to user-configured provider keys is central to the stated purpose, but it means prompt and image data leave the local agent environment.
Skill content
fans requests across BYOK keys ... gateway classifies the request and picks the cheapest model ... from the user's active BYOK keys
Recommendation
Use this only with data you are comfortable sending to the gateway and its routed providers, and confirm the intended base URL before use.