Environment variable access combined with network send.
- Code
- suspicious.env_credential_access
- Location
- index.mjs:419
- Evidence
var APPROVAL_SECRET = process.env.OPENCLAW_APPROVAL_SECRET || crypto.randomUUID();
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a real OpenClaw-to-Snarling bridge, using local HTTP callbacks and an optional approval secret in ways that match its stated purpose.
This looks internally coherent if you actually use Snarling or another local interaction surface. Before installing, understand that this is a code plugin, not just instructions: it will run OpenClaw plugin code, open callback routes through the gateway, send state/approval/notification data to the configured HTTP endpoint, and may wake the agent based on button, notification, or presence feedback. Set OPENCLAW_APPROVAL_SECRET if you want stable callback authentication, and only point the Snarling URL at a device or service you trust. Confidence is medium because some source excerpts were truncated in the provided artifact, so a full local review of index.ts/index.mjs would increase assurance.
62/62 vendors flagged this plugin as clean.
Detected: suspicious.env_credential_access
var APPROVAL_SECRET = process.env.OPENCLAW_APPROVAL_SECRET || crypto.randomUUID();
const APPROVAL_SECRET = process.env.OPENCLAW_APPROVAL_SECRET || crypto.randomUUID();