Summary
start-openclaw.sh (lines 109-116) passes API keys as CLI flags to openclaw onboard:
openclaw onboard --non-interactive --accept-risk \
--auth-choice cloudflare-ai-gateway-api-key \
--cloudflare-ai-gateway-api-key $CLOUDFLARE_AI_GATEWAY_API_KEY \
...These arguments are visible to any process in the container via ps aux or /proc/<pid>/cmdline while openclaw onboard is running.
Impact
Severity: High — API keys (AI Gateway key, OpenRouter key, Anthropic key) are transiently visible in the process table. In a shared or compromised container, this enables credential theft.
Recommendation
Check if openclaw onboard supports reading credentials from environment variables or stdin instead of CLI flags. If so, switch to that approach. If not, consider filing upstream with OpenClaw to add env var support for credential ingestion.
Found during security review for #74 / PR #298.
Summary
start-openclaw.sh(lines 109-116) passes API keys as CLI flags toopenclaw onboard:openclaw onboard --non-interactive --accept-risk \ --auth-choice cloudflare-ai-gateway-api-key \ --cloudflare-ai-gateway-api-key $CLOUDFLARE_AI_GATEWAY_API_KEY \ ...These arguments are visible to any process in the container via
ps auxor/proc/<pid>/cmdlinewhileopenclaw onboardis running.Impact
Severity: High — API keys (AI Gateway key, OpenRouter key, Anthropic key) are transiently visible in the process table. In a shared or compromised container, this enables credential theft.
Recommendation
Check if
openclaw onboardsupports reading credentials from environment variables or stdin instead of CLI flags. If so, switch to that approach. If not, consider filing upstream with OpenClaw to add env var support for credential ingestion.Found during security review for #74 / PR #298.