Back to plugin

Security audit

KeeperHub

Security checks across malware telemetry and agentic risk

Overview

KeeperHub appears to be a real KeeperHub integration, but it exposes powerful wallet and workflow actions to the agent without a clear approval boundary.

Install only if you intend to let OpenClaw operate KeeperHub workflows and, if configured, wallet-backed on-chain actions. Use a least-privilege KeeperHub API key, enable any available OpenClaw tool-confirmation controls, review every transfer or contract call before execution, and avoid connecting wallets or integrations that the agent does not need.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/__tests__/tools.test.ts:271
Evidence
const { api, tools } = makeFakeApi({ apiKey: '[REDACTED]' });