TraceProof Runtime

Security checks across static analysis, malware telemetry, and agentic risk

Overview

TraceProof Runtime appears purpose-aligned: it runs a verification plugin that uses TraceProof credentials, calls TraceProof APIs, and stores local proof state, with no artifact-backed malicious behavior found.

Install this only if you want OpenClaw sessions to be proofed through TraceProof. Use dedicated TraceProof credentials, protect the OpenClaw config file, review the API endpoints, back up any existing workspace AGENTS.md before copying the bundled grounding, and be aware that proof state with short message previews is stored locally.

Static analysis

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Skill content
body.client_secret = [REDACTED];

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Once enabled, the plugin can run inside the OpenClaw gateway and act on conversation events.

Why it was flagged

Installing and enabling the package causes `index.js` to run as an OpenClaw runtime plugin. This is expected for the stated purpose, but users should recognize it is executable plugin code, not just passive documentation.

Skill content
"openclaw": { "extensions": [ "./index.js" ] }

Recommendation

Install only from the intended source/version and review the TraceProof configuration before enabling the plugin.

What this means

Anyone with access to the configured secrets could use the associated TraceProof authority to create or verify traces and proofs.

Why it was flagged

The plugin requires TraceProof OAuth credentials and a credential key to create traces and proofs. This is disclosed and purpose-aligned, but these are account-authority secrets.

Skill content
"required": [ "oauthClientId", "oauthClientSecret", "agentId", "credentialKey" ]

Recommendation

Use scoped, revocable TraceProof credentials; keep `~/.openclaw/openclaw.json` protected; rotate credentials if they are exposed.

What this means

Short snippets of user and assistant messages may remain on disk in the workspace state file.

Why it was flagged

The sample session state shows that local proof state can include digests, proof tokens, message IDs, verification data, and short message previews. This supports the documented persistence behavior.

Skill content
"digest": "6452f93e...", "proof": "omp1_c07e...", "preview": "tell me about traceproof"

Recommendation

Avoid enabling the plugin for conversations where even short local message previews should not be retained, or periodically review or delete `.traceproof-runtime/sessions.json` according to your retention needs.

What this means

The assistant may preferentially use the bundled TraceProof definitions and workflow guidance in future TraceProof-related conversations.

Why it was flagged

The setup intentionally installs persistent workspace grounding and a high-precedence TraceProof skill. This is disclosed and scoped to TraceProof product behavior, but it can affect future agent answers.

Skill content
`AGENTS.md` in the workspace root provides the TraceProof operating guidance; `skills/traceproof/SKILL.md` in the workspace makes the TraceProof skill available from the highest-precedence location

Recommendation

Back up any existing workspace `AGENTS.md` before copying, and confirm the bundled grounding matches how you want the agent to answer TraceProof questions.