Swarm Leak Detector: Free Tool to Scan for Exposed API Keys in OpenClaw Configs

A developer running OpenClaw agents in production built a free tool to address a common security issue: API keys sitting in plaintext JSON files that any process on the machine can read.

What It Does

The tool, swarm-leak-detector, scans your configuration files for exposed credentials. It specifically looks for patterns matching over 21 different service providers including OpenAI, Anthropic, OpenRouter, and Stripe.

How to Use It

Run the scanner with this command:

npx swarm-leak-detector scan ~/.clawdbot/

Key Features

• Zero dependencies
• MIT licensed
• Takes about 30 seconds to run
• Scans for 21+ credential patterns
• Specifically designed for OpenClaw/Clawdbot setups

Source and Availability

The tool is available on GitHub at https://github.com/5WARM-AI/swarm-leak-detector. The developer created it to solve their own problem of finding API keys in plaintext JSON files and is open to feedback from others running similar agent setups.

This type of security scanning tool is particularly useful for developers working with AI agents where API keys are frequently stored in configuration files and accidental exposure can lead to unauthorized access and unexpected charges.