Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Content
Authorization: [REDACTED],
Now4real
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a normal Now4real chat-channel plugin that receives Now4real webhooks and sends OpenClaw replies back to Now4real without asking for unrelated access.
Before installing, confirm you intend to connect your public Now4real page chats to OpenClaw. Use a strong unique webhookAuthorization value, keep OPENCLAW_NOW4REAL_API_URL unset unless you deliberately need a non-default Now4real-compatible endpoint, and enable requireMention if you do not want every public chat message to trigger the agent. Be aware that visitor messages and chat history may be provided to OpenClaw for context and that OpenClaw replies will be posted back into the Now4real chat.
SkillSpector
By NVIDIA
SkillSpector findings are pending for this release.
Static analysis
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Content
Authorization: [REDACTED],
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.