config-encryption-auditor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The auditor scans files for plaintext API keys and its usage examples and remediation steps explicitly show embedding secret values verbatim (e.g., export OPENCLAW_API_KEY="sk-abc123...") and would record findings in state, so the agent would need to read and output secrets directly.