fuel

Fail

Audited by Snyk on Feb 28, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to capture a returned "virtualKey" (vk-...) and replace <USER_VIRTUAL_KEY> in the openclaw.json (and shows Authorization: Bearer <supabase_session>), which requires emitting secret values verbatim into configs/requests, creating an exfiltration risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes payment gateway integration and instructions to initiate and complete payments. It shows concrete API calls to create a Stripe checkout (POST https://openclaw.rocks/api/fuel/agent-checkout with an "amount" field), returns a Stripe checkoutUrl, instructs the agent to open that URL and complete payment (including using stored payment credentials), and includes polling for payment status and autonomous top-up logic. It also exposes a balance API and a top-up URL. These are specific, transaction-oriented APIs for topping up credits via Stripe — i.e., direct financial execution.
Audit Metadata

Risk Level: HIGH
Analyzed: Feb 28, 2026, 04:33 PM