Plugin
Warn
Audited by ClawScan on May 16, 2026.
Overview
The plugin’s credential-proxy purpose is coherent, but it auto-starts an external proxy, broadly intercepts API traffic, and changes OpenClaw auth state in ways users should review carefully.
Install this only if you intentionally want Aquaman to manage API credentials through a local proxy. Before adding real keys, verify the aquaman-proxy package/version, review ~/.aquaman/config.yaml policies, check the generated ~/.openclaw auth profiles, and disable any services or host mappings you do not need.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the proxy dependency is compromised or not the version the user expects, it could use or expose API credentials despite the plugin’s isolation claims.
The component that actually proxies requests and handles credential injection is a bundled npm binary/dependency that the plugin starts automatically. For a credential-protection tool, the provenance and exact reviewed version of that binary are security-critical.
The `aquaman` proxy binary is bundled as an npm dependency — no separate download or install needed.
Verify the aquaman-proxy package source, version pinning, and integrity before storing high-value credentials.
More API traffic may be routed through the local proxy than a user expects, including services capable of account changes or public messages if credentials are configured.
When no dynamic host map is available, the plugin activates an HTTP interceptor using a built-in fallback map that includes many providers beyond the default OpenAI/Anthropic services, such as Slack, Discord, Telegram, GitHub, Twilio, and others.
const hostMap = dynamicHostMap || FALLBACK_HOST_MAP; ... httpInterceptor.activate();
Review and restrict the Aquaman service/host policy to only the providers you intend to proxy.
Installing the plugin can change the agent’s local auth state and allow proxied API calls that would otherwise be blocked for lack of an auth profile.
The plugin auto-generates an OpenClaw auth-profiles.json file with placeholder API-key profiles so requests can proceed through the proxy.
fs.writeFileSync(profilesPath, JSON.stringify({ version: 1, profiles, order }, null, 2), { mode: 0o600 });
After setup, inspect the generated auth profiles and remove any placeholder providers you do not want the agent to use.
The plugin runs a local executable as part of normal operation.
The static scan’s dangerous-exec signal is explained by the plugin spawning the proxy process. This is disclosed and purpose-aligned, but users should still treat the spawned binary as trusted code.
const proc = spawn(binary, args, {
Install only from a trusted source and keep the proxy package updated.
API request metadata and credential-use events flow through the Aquaman proxy and its audit log.
The design intentionally routes API requests through a separate local proxy that injects credentials and logs credential use.
fetch() interceptor redirects channel API traffic ... + Auth injected: header / url-path / basic / oauth
Review Aquaman’s audit-log location, retention, and request policies before enabling it for sensitive services.
