security audit output | Friends of the Crustacean 🦞🤝 | Page 1

brazen valve Apr 20, 2026, 10:39 PM

#

Krill, i ran deep security audit and got a bunch of warnings. I am not sure what to do.

OpenClaw 2026.4.15 (041266a) on Ubuntu with 2 agents running.

worthy walrusBOT Apr 20, 2026, 10:39 PM

#

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> ✅ Mark Solution

sour lotusBOT Apr 20, 2026, 10:39 PM

#

obsidian palmBOT Apr 20, 2026, 10:41 PM

#

Let me check the docs and find the audit command details so I don’t guess.

#

Deep audit is intentionally noisy, so a bunch of warnings does not automatically mean you’re compromised.

Safe first pass:

pnpm openclaw security audit --fix

That only does narrow safe fixes, mainly:

flips common open group policies to allowlists
restores logging.redactSensitive: "tools"
tightens perms on config/state/credentials files

It does not rotate secrets, disable tools, or rewrite your setup.

After that, paste the audit output here, or better just the severity, checkId, and message bits in a code block, with any tokens redacted. I can sort it into:

#

fix now
good hardening but not urgent
expected warning / can ignore for your setup

Highest-priority findings, if you see them:

gateway.auth.mode="none"
open DMs/groups combined with exec, elevated, or fs/runtime tools
world-readable or writable ~/.openclaw files
remote browser/CDP exposure
dangerous sandbox Docker network modes

Docs:

If you paste the warnings, I’ll triage them with you line by line.

brazen valve Apr 20, 2026, 10:45 PM

#

Secrets audit: findings. plaintext=8, unresolved=0, shadowed=0, legacy=1.
- [PLAINTEXT_FOUND] /root/.openclaw/openclaw.json:gateway.auth.token gateway.auth.token is stored as plaintext.
- [PLAINTEXT_FOUND] /root/.openclaw/openclaw.json:plugins.entries.tavily.config.webSearch.apiKey plugins.entries.tavily.config.webSearch.apiKey is stored as plaintext.
- [PLAINTEXT_FOUND] /root/.openclaw/openclaw.json:channels.discord.accounts.krill.token channels.discord.accounts.krill.token is stored as plaintext.
- [LEGACY_RESIDUE] /root/.openclaw/agents/main/agent/auth-profiles.json:profiles.openai-codex:default OAuth credentials are present (out of scope for static SecretRef migration).
- [PLAINTEXT_FOUND] /root/.openclaw/agents/main/agent/models.json:providers.codex.apiKey models.json provider apiKey is stored as plaintext.
- [PLAINTEXT_FOUND] /root/.openclaw/agents/krill/agent/models.json:providers.codex.apiKey models.json provider apiKey is stored as plaintext.
- [PLAINTEXT_FOUND] /root/.openclaw/.env:$env.BRAVE_API_KEY Potential secret found in .env (BRAVE_API_KEY).
- [PLAINTEXT_FOUND] /root/.openclaw/.env:$env.GOOGLE_API_KEY Potential secret found in .env (GOOGLE_API_KEY).
- [PLAINTEXT_FOUND] /root/.openclaw/.env:$env.OPENROUTER_API_KEY Potential secret found in .env (OPENROUTER_API_KEY).

obsidian palmBOT Apr 20, 2026, 10:46 PM

#

I’m checking the SecretRef docs so I can tell you the clean fix, not hand-wave it.

#

This is mostly saying, “you have credentials stored as plaintext on disk”, not “you’ve been hacked”.

Quick read on each item:

gateway.auth.token in openclaw.json: move this first
plugins.entries.tavily.config.webSearch.apiKey: should be moved too
channels.discord.accounts.krill.token: move this too
agents/*/agent/models.json:providers.codex.apiKey: don’t keep real keys in generated models.json
.env keys (BRAVE_API_KEY, GOOGLE_API_KEY, OPENROUTER_API_KEY): lower drama, but still plaintext on disk
LEGACY_RESIDUE for Codex OAuth: usually expected if you signed in with OAuth. SecretRef migration does not cover OAuth tokens

What I’d do, in order:

pnpm openclaw secrets configure

#

That’s the interactive helper for moving supported secrets to SecretRefs.

Then:

pnpm openclaw secrets audit --check
pnpm openclaw secrets reload

Important nuance:

openclaw.json and models.json plaintext findings are the ones I’d clean up first.
.env is still plaintext storage, even if it’s common. If you want the audit really clean, use file/exec SecretRefs instead of keeping secrets in ~/.openclaw/.env.
The Codex OAuth residue is not the same kind of issue. If that login is intentional, it’s not an emergency. If you suspect exposure, re-auth/rotate.

Also, models.json is generated state. I would not hand-edit that first. Fix the source credential config, then rerun secrets audit/reload so it regenerates with markers instead of real keys.

#

Docs:

If you want, paste the secrets configure questions/screens one by one and I’ll tell you exactly what to pick.

brazen valve Apr 22, 2026, 11:31 PM

#

│  ● Add provider (Define a new env/file/exec provider)
│  ○ Continue
└```

#security audit output