File appears to expose a hardcoded API secret or token.
- Code
- suspicious.exposed_secret_literal
- Location
- tests/unit/security.test.ts:202
- Evidence
const { redacted } = redactSecrets('Authorization: Bearer [REDACTED]');
Security audit
Security checks across malware telemetry and agentic risk
This is a real security-policy plugin, but its own safety controls and data-handling behavior have enough concrete gaps that users should review it before installing.
Install only after reviewing the risk-score logic and logging behavior. Treat it as a high-privilege security plugin: it can inspect prompts, tool calls, and outputs; write persistent security logs; alter OpenClaw config; and optionally learn command allowlists. Avoid opening bundled analytics HTML with sensitive logs unless CDN dependencies are removed or trusted, and do not run deploy.sh without accepting the gateway restart and pairing-state changes.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.exposed_secret_literal, suspicious.nonstandard_network
const { redacted } = redactSecrets('Authorization: Bearer [REDACTED]');const ws = new WebSocket('ws://127.0.0.1:18789/acp', {