File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- src/fixtures/text.js:16
- Evidence
apiKey: "[REDACTED]",
Security audit
Security checks across malware telemetry and agentic risk
This official OpenClaw fixture is broad by design but its behavior is disclosed, credential-free, and aligned with testing the plugin API surface.
Install this mainly if you need OpenClaw plugin API coverage, conformance testing, or example code. Because it intentionally touches many plugin surfaces and hooks, avoid enabling it in sensitive production agent sessions unless you specifically want that fixture behavior active.
60/60 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal
apiKey: "[REDACTED]",
apiKey: "[REDACTED]",