openclaw-admin-security-breakglass

Audit result: Fail

Audited by Snyk on Feb 23, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read a private "breakglass" phone number from a file and substitute it verbatim into generated TypeScript code. Embedding a secret identifier in source is an insecure secret-handling pattern: the value ends up in the code base and anywhere that code is copied or logged, which risks exfiltration.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill intentionally injects a persistent backdoor: it hard-codes a "breakglass" phone number that bypasses the normal allowlist checks, modifies the source code to do so, and restarts the service so the change takes effect. The result is permanent admin access for that number and a path to unauthorized takeover.
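As an added illustration (not part of the Snyk report and not the audited skill's code), the TypeScript below shows what the flagged pattern looks like, a lint-style check that flags a phone-number literal OR'd into an allowlist test, and a hardened allowlist check that keeps any breakglass identity in operator-controlled runtime configuration with an expiry instead of in source. All phone numbers, config lines and function names are constructed assumptions.

```typescript
// Added example: the flagged pattern, a scanner for it, and a hardened form.
// Everything here is constructed for illustration; none of it comes from the
// audited skill or from Snyk.

// Constructed example of generated code with the flagged pattern: a literal
// phone number short-circuits the allowlist check, so it is always admitted.
export const FLAGGED_SOURCE = `
export function isAllowedSender(sender: string): boolean {
  return ALLOWLIST.has(sender) || sender === "+15550100";
}
`;

// Constructed example of the same check with no embedded identity.
export const CLEAN_SOURCE = `
export function isAllowedSender(sender: string, allowlist: Set<string>): boolean {
  return allowlist.has(sender);
}
`;

export interface Finding {
  line: number;
  literal: string;
  reason: string;
}

// Any quoted E.164-looking number in source is a finding on its own; a
// membership test OR'd with an equality against a literal is the bypass shape.
const PHONE_LITERAL = /"(\+?\d{7,15})"/g;
const BYPASS_PATTERN = /\.has\([^)]*\)\s*\|\|\s*\w+\s*===\s*"[^"]+"/;

export function scanForHardcodedIdentity(source: string): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((text, idx) => {
    const re = new RegExp(PHONE_LITERAL.source, "g");
    let m: RegExpExecArray | null;
    while ((m = re.exec(text)) !== null) {
      findings.push({ line: idx + 1, literal: m[1], reason: "phone-number literal in source" });
    }
    if (BYPASS_PATTERN.test(text)) {
      findings.push({ line: idx + 1, literal: text.trim(), reason: "allowlist check short-circuited by literal comparison" });
    }
  });
  return findings;
}

// Hardened form: the allowlist (including any breakglass grant) is read from
// configuration at runtime, and a breakglass entry carries an expiry, so it
// is never a permanent constant in the code base. Format is constructed:
// one "id" or "id,expiresEpochSeconds" per line, "#" starts a comment.
export const SAMPLE_ALLOWLIST_CONFIG = `
# constructed allowlist config
+15550001
+15550002
# time-bound breakglass grant, expires at epoch 1700000000
+15550199,1700000000
`;

export function loadAllowlist(configText: string, nowEpochSeconds: number): Set<string> {
  const allow = new Set<string>();
  for (const raw of configText.split("\n")) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const [id, expires] = line.split(",").map((s) => s.trim());
    if (expires !== undefined && Number(expires) <= nowEpochSeconds) continue; // expired grant
    allow.add(id);
  }
  return allow;
}

// Every decision is appended to an audit log so a breakglass admission is
// visible rather than silent.
export function isAllowedSender(sender: string, allowlist: ReadonlySet<string>, audit: string[] = []): boolean {
  const ok = allowlist.has(sender);
  audit.push(`${ok ? "ALLOW" : "DENY"} ${sender}`);
  return ok;
}
```

Running the scanner over generated code before it is committed or the service is restarted is the check a reviewer of agent-produced TypeScript would want; the hardened form shows that a legitimate emergency-access identity can exist without ever being a source literal.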
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 23, 2026, 09:59 PM