README.md: 9 additions & 0 deletions
@@ -627,6 +627,15 @@ Wallet needs funding.
627
627
3. $1-5 is enough for hundreds of requests
628
628
4. Restart OpenClaw
629
629
630
+
### "WARNING: dangerous code patterns — possible credential harvesting"
631
+
632
+
This is a **false positive**. ClawRouter legitimately:
633
+
634
+
1. Reads `BLOCKRUN_WALLET_KEY` from environment (for authentication)
635
+
2. Sends authenticated requests to BlockRun API (for x402 micropayments)
636
+
637
+
This pattern triggers OpenClaw's security scanner, but it's the intended behavior — the wallet key is required to sign payment transactions. The code is fully open source and auditable.
638
+
630
639
### Security Scanner Warning: "env-harvesting"
631
640
632
641
OpenClaw's security scanner may flag ClawRouter with:
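Review bot: The paragraph added under the new heading at README line 630 calls the finding a "false positive", but the two list items beneath it confirm that the scanner matched what the code actually does (it reads `BLOCKRUN_WALLET_KEY` from the environment and then sends network requests). That makes it an expected finding, and the current wording encourages users to dismiss the warning without checking anything. Suggest rewording it as expected behavior and stating explicitly whether the key itself ever leaves the host or is only used for local signing; the text says the key is "required to sign payment transactions" but not where signing happens. Also link the source file and lines where the variable is read, so a user can verify the claim rather than rely on "fully open source and auditable". Separately, this section lands directly above the existing "Security Scanner Warning: "env-harvesting"" section, which appears to describe the same scanner warning; consider merging the two so the README gives one answer.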