Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
if (options?.mirrorApiKeyToTopLevel && [REDACTED] !== void 0) next.apiKey = [REDACTED];
Openclaw Brave Plugin 2026.5.20.Tgz
Security checks across static analysis, malware telemetry, and agentic risk
Overview
No risk analysis has been recorded yet.
Static analysis
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
const apiKey = [REDACTED](searchConfig);
VirusTotal
61/61 vendors flagged this plugin as clean.
Risk analysis
No visible risk-analysis findings were reported for this release.