by JasperNoboxdev
92 days ago
We've been working on exactly this problem from the credential layer side. The root issue isn't that frameworks lack auth features — it's that .env files are the path of least resistance, and every framework optimizes for that path. Not just a problem for OpenClaw but also for the more 'trusted' regular CLI agents. One thing the report doesn't cover: even with perfect credential injection, agents can still leak secrets through their output. An agent that received a key via a proxy can print it into a chat window, a log, or a commit message.