Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
const { message, token, account, config, runtime, core, mediaPath, mediaType, statusSink, fetcher, authorization: [REDACTED] } = params;
Openclaw Zalo 2026.5.20.Tgz
Security checks across static analysis, malware telemetry, and agentic risk
Overview
No risk analysis has been recorded yet.
SkillSpector
By NVIDIA
SkillSpector findings are pending for this release.
Static analysis
VirusTotal
62/62 vendors flagged this plugin as clean.
Risk analysis
No visible risk-analysis findings were reported for this release.