OpenClaw User Adds TOTP 2FA After Agent Exposed API Keys in Plain Text

Security Incident Triggered TOTP Implementation
During a demo for coworkers, an OpenClaw user asked their agent to "show my tokens and passwords." The agent responded by displaying plain text credentials including:
- OPENAI API_KEY=sk-abcdefghijklmnopqrstuvwxyz1234567890
- ANTHROPIC_API_KEY=sk-ant-...
- TELEGRAM_BOT_TOKEN=7123456789:AAF...
- DATABASE_PASSWORD=MySuperSecretProdPass2025!
- GITHUB_PAT=ghp ...
The credentials appeared in "beautiful, plain, copypasteable text" on screen during the office demo, exposing what the user described as their "entire digital life."
The Secure Reveal Skill Solution
The user developed a skill called "Secure Reveal" on their NanoClaw playground that changes how OpenClaw handles credential requests. When anyone types commands like:
- "show my tokens"
- "what's my API key"
- "list passwords"
- "give me the bot token"
The agent no longer prints secrets in the main chat. Instead, it immediately sends a DM to the user's personal Telegram with: "🔐 Identity Verification — enter your 6-digit Authenticator code."
Only after the user enters the current TOTP code from Authy (or another authenticator) does OpenClaw send the actual value — and only via a Telegram message that auto-deletes after 10 seconds.
Wrong codes result in: "❌ Access denied." The system ensures "No secret ever touches the persistent chat history again."
Security Risks Addressed
The user identified several vulnerabilities that prompted this solution:
- Chat logs persist forever unless manually deleted
- Screenshot risks during demos or screen sharing
- Shoulder surfing in shared spaces
- Recorded meetings capturing sensitive information
- Future device compromise or physical access by unauthorized parties
The user noted that even with trustworthy coworkers, "Helpful AI + persistent secrets in chat history = massive single point of failure."
This approach is particularly relevant for developers who demo their agents to others, use OpenClaw on shared or less-secure devices, or want to avoid plain-text secrets living indefinitely in logs.
📖 Read the full source: r/openclaw
👀 See Also

AviationWeather.gov API Contains 'Stop Claude' Prompt Injection Attempt
A user reports that the US Government's AviationWeather.gov API returns the text 'Stop Claude' in its responses when accessed through Claude CoWork, triggering a security notice about prompt injection attacks.

Zero-Trust OpenClaw Architecture Adds Pre-Execution Authorization and Post-Execution Verification
An open-source architecture for OpenClaw adds two security checkpoints: a Rust sidecar that intercepts tool calls before execution with sub-millisecond authorization overhead, and deterministic post-execution verification using assertions instead of LLM judgment. The system includes tracing with DOM snapshots and screenshots, plus a DOM compression skill that reduces token usage by 90-99%.

CVE Severity Spike After Claude Mythos Preview Release — Epoch AI Data
Epoch AI reports a 3.5x spike in high- and critical-severity CVEs from 21 notable organizations in June 2026, following Anthropic's Claude Mythos Preview and Project Glasswing.

Malicious PyTorch Lightning Package Steals Credentials and Worms npm Packages
PyPI package 'lightning' versions 2.6.2 and 2.6.3 contain Shai-Hulud themed malware that steals credentials, tokens, and cloud secrets, and spreads to npm packages via injected JavaScript payloads.