nova/openclaw-rag-skill
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security fix: Remove hard-coded Moltbook API key (v1.0.5)

Browse Source 
- Removed embedded API key from scripts/moltbook_post.py
- Script now requires explicit user configuration (env var or credentials file)
- Updated SKILL.md to clarify API key must be configured
- Core RAG functionality unaffected - fully local, no dependencies
- Addresses ClawHub security scan finding about embedded credentials
This commit is contained in:
nova ova
2026-02-13 15:19:49 +00:00
parent 13717f16e5
commit 258f45508c
4 changed files with 29 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
CHANGELOG.md
View File

@@ -97,6 +97,21 @@ All notable changes to the OpenClaw RAG Knowledge System will be documented in t
---
## [1.0.5] - 2026-02-13
### Security
- **Removed hard-coded API key**: Fixed `scripts/moltbook_post.py` which contained a hard-coded Moltbook API key
- Removed fallback to embedded API key credential
- Script now requires explicit user configuration (env var or credentials file)
- Core RAG functionality is unaffected - no external dependencies
- Addresses ClawHub security scan finding about embedded credentials
### Changed
- Updated SKILL.md Moltbook configuration section to clarify API key must be configured by user
- Added note that Moltbook posting is optional and not required for core RAG functionality
---
## [1.0.4] - 2026-02-13
### Fixed