File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- dist/lib/client.js:122
- Evidence
apiKey: [REDACTED],
Security audit
Security checks across malware telemetry and agentic risk
AXON is a coherent real-money wallet/payment plugin, but its operator mode can move funds, issue keys, and freeze wallets without an artifact-shown confirmation boundary, so it needs review before use.
Install only if you intend to connect OpenClaw to AXON for real-money wallet/payment operations. Keep runtime and operator profiles separate, do not place an operatorDecisionApiKey in worker agents, require human review for all operator actions, and protect any returned runtime keys like passwords.
47/47 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal, suspicious.install_untrusted_source
apiKey: [REDACTED],
"placeholder": "http://127.0.0.1:3030",