We saw how 30 AI agent projects handle authorization-93% use unscoped API keys
We reviewed 30 of the most popular AI agent projects on GitHub (OpenClaw,
AutoGen, CrewAI, LangGraph, MetaGPT, AutoGPT, etc.) across six authorization
criteria: scoped permissions, per-agent identity, user consent, revocation,
audit trails, and delegation control.
3 comments
We've been working on exactly this problem from the credential layer side. The root issue isn't that frameworks lack auth features — it's that .env files are the path of least resistance, and every framework optimizes for that path. Not just a problem for OpenClaw but also for the more 'trusted' regular CLI agents.
One thing the report doesn't cover: even with perfect credential injection, agents can still leak secrets through their output. An agent that received a key via a proxy can print it into a chat window, a log, or a commit message.
One thing the report doesn't cover: even with perfect credential injection, agents can still leak secrets through their output. An agent that received a key via a proxy can print it into a chat window, a log, or a commit message.