A way to make you auth tokens totally hidden from OpenClaw. The idea:

* Put all auth tokens into a secrets directory

* Run OpenClaw in sandbox-exec mode using a shell wrapper. OpenClaw process is blocked by the OS from accessing secrets.

* OpenClaw routes API requests to HTTP proxy that injects auth tokens.