openclaw-sentry

clawhub:openclaw-sentry

View source

84/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

84/100

MEDIUM 2

Findings (2)

MEDIUM

Benign heading "'@openai/agents:*'\n;\n// Verbose logging\n..." followed by dangerous content (category: credential_access) NLP_HEADING_MISMATCH

prompt-injection L9

Benign heading "'@openai/agents:*'\n;\n// Verbose logging\n..." followed by dangerous content (category: credential_access)

Scans your agent workspace for leaked secrets — API keys, tokens, passwords, private keys, and credentials that should never be in plain text.

FIX

Ensure section headings accurately reflect the content that follows. Remove headings that could mislead an LLM into treating content differently than intended.

FP?

Likely FP if the heading mismatch is due to inconsistent markdown formatting or a benign section title that happens to contain keywords like system or config.

MEDIUM

Benign heading "'@openai/agents:*'\n;\n// Verbose logging\n..." followed by dangerous content (category: credential_access) NLP_HEADING_MISMATCH

prompt-injection L13

Benign heading "'@openai/agents:*'\n;\n// Verbose logging\n..." followed by dangerous content (category: credential_access)

Agent workspaces accumulate secrets: API keys in config files, tokens in memory logs, passwords in environment files. A single leaked credential can compromise your entire infrastructure. Existing sec...

FIX

Ensure section headings accurately reflect the content that follows. Remove headings that could mislead an LLM into treating content differently than intended.

FP?

Likely FP if the heading mismatch is due to inconsistent markdown formatting or a benign section title that happens to contain keywords like system or config.