openclaw-control-center

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt instructs reading a local token (e.g., cat ~/.openclaw/local-token) and shows including it in API calls/headers (curl -H "X-Local-Token: "), which requires embedding secret values verbatim in commands/requests and thus poses exfiltration risk.