ClawHub
Back to plugin
Pluginv0.8.0

Static analysis security

memory-braid · Deterministic local checks for risky code patterns and metadata mismatches.

Scanner verdict

SuspiciousMar 23, 2026, 7:31 PM
Summary
Detected: suspicious.env_credential_access
Reason codes
suspicious.env_credential_access
Engine
v2.2.0

Evidence

criticalsrc/entities.ts:45
Environment variable access combined with network send.
process.env.OPENCLAW_STATE_DIR?.trim() ||
criticalsrc/extract.ts:253
Environment variable access combined with network send.
const key = process.env.OPENAI_API_KEY;
criticaltest/entities.test.ts:166
Environment variable access combined with network send.
const originalApiKey = process.env.OPENAI_API_KEY;