Env credential access
Critical
- Finding
- Environment variable access combined with network send.
- Skill content
function resolvePreferencesStorePath(env = process.env) {
Openclaw Discord 2026.5.20.Tgz
Security checks across static analysis, malware telemetry, and agentic risk
Overview
No risk analysis has been recorded yet.
SkillSpector
By NVIDIA
SkillSpector findings are pending for this release.
Static analysis
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
if (params.config.token?.trim()) headers.Authorization = [REDACTED]();
VirusTotal
62/62 vendors flagged this plugin as clean.
Risk analysis
No visible risk-analysis findings were reported for this release.