openclaw - ✅(Solved) Fix [Bug]: skills.update echoes raw apiKey and env secrets in gateway response [2 pull requests, 1 comments, 2 participants]

GitHub stats: openclaw/openclaw#66769, fetched 2026-04-15 06:24:27. Comments: 1 · Participants: 2 · Timeline events: 9 · Reactions: 0 (cross-referenced ×3, referenced ×3, labeled ×2, commented ×1).

The gateway skills.update method stores secret-bearing fields under skills.entries.<skillKey>, but its success response returns the updated entry without redaction. If apiKey or secret values in env are supplied, they are echoed back in plaintext in the RPC response. This can leak secrets into Control UI websocket traffic, client logs, session transcripts, or any wrapper that records gateway responses.

Fix Action

Fixed

PR fix notes

PR #66793: fix: redact apiKey and env secrets from skills.update response

Description (problem / solution / changelog)

Summary

Prevents plaintext secrets from being echoed back in `skills.update` gateway RPC responses.

Root Cause

`skills.update` in `src/gateway/server-methods/skills.ts` returned the updated config object directly, including raw `apiKey` and `env` values. This leaked secrets into Control UI websocket traffic, client logs, and session transcripts.

Fix

Redact secret-bearing fields before responding:

  • `apiKey` → `[REDACTED]`
  • `env` keys matching secret patterns (KEY, SECRET, TOKEN, PASSWORD, CREDENTIAL) → `[REDACTED]`
  • Non-secret `env` values are preserved as-is

Closes openclaw#66769

Changed files

  • src/gateway/server-methods/skills.ts (modified, +15/-1)

PR #66928: fix(gateway): redact apiKey and secret env values in skills.update response

Description (problem / solution / changelog)

Summary

  • skills.update returned the full updated config entry including plaintext apiKey and secret env values in the RPC response
  • This could leak secrets into Control UI websocket traffic, client logs, or session transcripts
  • Now redacts apiKey entirely and masks env values whose keys match common secret patterns (key, secret, token, password, credential)

Fixes #66769

Test plan

  • Call skills.update with apiKey and secret env values
  • Verify response contains **REDACTED** instead of plaintext secrets
  • Verify non-secret env values (e.g., BRAVE_REGION) are still returned in plaintext

🤖 Generated with Claude Code

Changed files

  • src/gateway/server-methods/skills.ts (modified, +22/-1)

Code Example

{
  "skillKey": "demo-skill",
  "apiKey": "secret-api-key-123",
  "env": {
    "GEMINI_API_KEY": "secret-env-key-456",
    "BRAVE_REGION": "us"
  }
}
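The redaction both PRs describe, applied to the payload above: `apiKey` is replaced outright, `env` values are masked when the key matches one of the secret patterns (key, secret, token, password, credential), and other `env` values such as `BRAVE_REGION` pass through unchanged. This is an added example, not the project's code from `src/gateway/server-methods/skills.ts`; the function names, the `SkillEntry` shape, the `[REDACTED]` marker and the `findLeakedSecrets` check are assumptions. The leak check is the kind of assertion a test plan like the one in PR #66928 would make: serialize the response and confirm none of the supplied secret values appear in it.

```typescript
// Added example, not openclaw's own code. SkillEntry, redactSkillEntry,
// buildUpdateResponse and findLeakedSecrets are assumed names.

const REDACTED = "[REDACTED]";

// Env keys containing any of these substrings (case-insensitive) are treated as secrets.
const SECRET_KEY_PATTERN = /(key|secret|token|password|credential)/i;

interface SkillEntry {
  apiKey?: string;
  env?: Record<string, string>;
}

function isSecretEnvKey(name: string): boolean {
  return SECRET_KEY_PATTERN.test(name);
}

// Returns a redacted copy of the entry; the stored config object is never mutated.
function redactSkillEntry(entry: SkillEntry): SkillEntry {
  const out: SkillEntry = { ...entry };
  if (typeof out.apiKey === "string" && out.apiKey.length > 0) {
    out.apiKey = REDACTED;
  }
  if (out.env && typeof out.env === "object") {
    const env: Record<string, string> = {};
    for (const [name, value] of Object.entries(out.env)) {
      env[name] = isSecretEnvKey(name) ? REDACTED : value;
    }
    out.env = env;
  }
  return out;
}

// The response path the issue describes returned `config: current` directly;
// the fix is to return a redacted view of `current` instead.
function buildUpdateResponse(skillKey: string, current: SkillEntry) {
  return { skillKey, config: redactSkillEntry(current) };
}

// Defender-side check: serialize the response and report any supplied secret
// value that still appears in it. An empty list means nothing leaked.
function findLeakedSecrets(response: unknown, secrets: string[]): string[] {
  const serialized = JSON.stringify(response);
  return secrets.filter((s) => serialized.includes(s));
}

// Constructed request payload mirroring the issue's reproduction example.
const demoRequest: { skillKey: string; config: SkillEntry } = {
  skillKey: "demo-skill",
  config: {
    apiKey: "secret-api-key-123",
    env: { GEMINI_API_KEY: "secret-env-key-456", BRAVE_REGION: "us" },
  },
};

const demoSecrets = ["secret-api-key-123", "secret-env-key-456"];
const redactedResponse = buildUpdateResponse(demoRequest.skillKey, demoRequest.config);
console.log(JSON.stringify(redactedResponse, null, 2));
console.log("leaked from redacted response:", findLeakedSecrets(redactedResponse, demoSecrets));
console.log(
  "leaked from unredacted response:",
  findLeakedSecrets({ skillKey: demoRequest.skillKey, config: demoRequest.config }, demoSecrets),
);
```

The key-name heuristic is deliberately broad: a false positive masks a harmless value such as a region setting whose name happens to contain "key", while a false negative echoes a credential, so erring toward redaction is the safer default. A consumer that genuinely needs a stored value should read it through a dedicated, access-controlled path rather than from the update acknowledgement.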

---

Bug type

Behavior bug (incorrect output/state without crash)

Beta release blocker

No

Summary

The gateway skills.update method stores secret-bearing fields under skills.entries.<skillKey>, but its success response returns the updated entry without redaction. If apiKey or secret values in env are supplied, they are echoed back in plaintext in the RPC response. This can leak secrets into Control UI websocket traffic, client logs, session transcripts, or any wrapper that records gateway responses.

Steps to reproduce

  1. Connect to the gateway with a client that has operator.admin scope.
  2. Call skills.update with a payload like:

{
  "skillKey": "demo-skill",
  "apiKey": "secret-api-key-123",
  "env": {
    "GEMINI_API_KEY": "secret-env-key-456",
    "BRAVE_REGION": "us"
  }
}

  3. Inspect the successful RPC response payload.
  4. Observe that payload.config.apiKey and payload.config.env.GEMINI_API_KEY are returned in plaintext.

Expected behavior

skills.update should never echo secret-bearing values in plaintext. The response should either:

  • redact sensitive fields such as apiKey and secret-like env values, or
  • avoid returning the updated config object entirely and only return non-sensitive confirmation metadata.

Actual behavior

skills.update returns:

  • config.apiKey in plaintext
  • config.env[...] values in plaintext, including secret values

The current response path returns config: current directly instead of a redacted view.

OpenClaw version

2026.4.14

Operating system

Ubuntu 24.04

Install method

No response

Model

Not model-specific

Provider / routing chain

OpenClaw gateway -> skills.update handler -> config write -> gateway RPC response -> client / Control UI / websocket consumer

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Impact and severity

No response

Additional information

No response

Extent analysis

TL;DR

The skills.update method should be modified to redact sensitive fields, such as apiKey and secret-like env values, from its success response to prevent secret leakage.

Guidance

  • Review the skills.update method's response handling to identify where the sensitive fields are being included and modify it to exclude or redact these fields.
  • Consider implementing a redaction mechanism that can be applied to the response payload before it is sent back to the client, ensuring that sensitive information is not leaked.
  • Verify that the updated method correctly handles different types of requests and edge cases to ensure that sensitive information is never included in the response.
  • Evaluate the current logging and monitoring setup to ensure that it does not store or display sensitive information that might have been leaked through the previous behavior.

Example

// Example of a redacted response
{
  "skillKey": "demo-skill",
  "config": {
    "apiKey": "*****",
    "env": {
      "GEMINI_API_KEY": "*****",
      "BRAVE_REGION": "us"
    }
  }
}

Notes

The exact implementation of the redaction mechanism will depend on the specific requirements and constraints of the system, including any regulatory or security standards that must be met.

Recommendation

Apply a workaround by modifying the skills.update method to redact sensitive fields from its response, as this will immediately address the security concern of leaking secrets.
