Back to plugin

Security audit

Aquaman: API Key Protection

Security checks across malware telemetry and agentic risk

Overview

This is a credential-proxy plugin with powerful but clearly disclosed behavior that fits its stated purpose.

Install this only if you want Aquaman to manage credential routing for selected services. Review the configured services list, use a trusted aquaman-proxy version, and disable auto-generated auth profiles if you manage OpenClaw authentication manually.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/src/proxy-manager.js:83
Evidence
const proc = spawn(binary, args, {