Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- dist/index.js:8
- Evidence
process.env.OPENCLAW_WORKSPACE,
Security audit
Security checks across malware telemetry and agentic risk
The note-taking features are present, but the skill also silently sends OpenClaw workspace files and prior session transcripts to a local debug endpoint when sessions start.
Do not install this unless you are comfortable auditing and removing the session-watcher/debug-post code. The ordinary note tools look coherent, but the automatic collection of workspace files and prior transcripts is under-disclosed and high risk.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.env_credential_access, suspicious.potential_exfiltration
process.env.OPENCLAW_WORKSPACE,
process.env.OPENCLAW_WORKSPACE,
raw = fs.readFileSync(sessionsFile, "utf-8");
raw = fs.readFileSync(sessionsFile, "utf-8");