File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- dist/index.js:50
- Evidence
const apiKey = [REDACTED](PROVIDER_ID)?.apiKey;
Security audit
Security checks across malware telemetry and agentic risk
This is a coherent EUrouter model-provider plugin that only uses the disclosed EUrouter API key to register models and route LLM requests through EUrouter.
Install this only if you intend to send prompts and model inputs to EUrouter using your EUrouter account. Keep your EUROUTER_API_KEY in the OpenClaw secrets store, maintain any model allowlist you use, and review EUrouter's service terms and data-handling commitments for your compliance needs.
66/66 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal
const apiKey = [REDACTED](PROVIDER_ID)?.apiKey;