File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- src/__tests__/tools.test.ts:271
- Evidence
const { api, tools } = makeFakeApi({ apiKey: '[REDACTED]' });
Security audit
Security checks across malware telemetry and agentic risk
KeeperHub appears to be a real KeeperHub integration, but it exposes powerful wallet and workflow actions to the agent without a clear approval boundary.
Install only if you intend to let OpenClaw operate KeeperHub workflows and, if configured, wallet-backed on-chain actions. Use a least-privilege KeeperHub API key, enable any available OpenClaw tool-confirmation controls, review every transfer or contract call before execution, and avoid connecting wallets or integrations that the agent does not need.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.exposed_secret_literal
const { api, tools } = makeFakeApi({ apiKey: '[REDACTED]' });