2 points by flying_mike 6 hours ago | 1 comment
  • flying_mike 6 hours ago
    Ant AI Security Lab just spent 3 days tearing down the framework and submitted 33 vulnerability reports. 8 of them just got patched in the 2026.3.28 release.

    This is exactly why I built BlindKey. The trust boundary problem isn't just about framework vulnerabilities — it's that agents hold plaintext credentials in memory in the first place. If a compromised session can read your API keys, revocation doesn't matter.

    BlindKey takes a different approach: agents never see the real key. They reference bk://stripe, and the credential is injected server-side at request time. Even if the session is hijacked, the attacker gets a reference token, not the secret.

    Ships as an OpenClaw plugin: npm install u/blindkey/openclaw-plugin

    github.com/michaelkenealy/blindkey

    https://www.reddit.com/r/openclaw/comments/1s96xqs/openclaws...
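
An added sketch of the reference-injection pattern the comment describes; it is not part of the original comment and is not BlindKey's code. The vault contents, host names and function names are constructed, and binding each reference to one destination host is an assumption made here so that a hijacked session cannot point a reference at a host of its choosing.

```javascript
// Added sketch of a server-side credential broker. Not BlindKey's implementation.
// All names and values below are constructed for illustration.
const VAULT = new Map([
  // reference name -> real secret, plus the only host it may be sent to (assumed policy)
  ["stripe", { secret: "constructed-secret-not-a-real-key", host: "api.stripe.com" }],
]);

const REF = /bk:\/\/([a-z0-9_-]+)/gi;

// Runs in the broker, outside the agent's process. The agent's request only
// ever contains bk:// references; the returned request carries the real secret.
function injectCredentials(agentRequest) {
  const url = new URL(agentRequest.url);
  if (url.protocol !== "https:") throw new Error("refusing non-TLS destination");
  const headers = {};
  for (const [name, value] of Object.entries(agentRequest.headers)) {
    headers[name] = String(value).replace(REF, (_, ref) => {
      const entry = VAULT.get(ref.toLowerCase());
      if (!entry) throw new Error(`unknown reference bk://${ref}`);
      // Without this check the reference is as good as the secret:
      // whoever controls the session could have it sent anywhere.
      if (entry.host !== url.hostname) {
        throw new Error(`bk://${ref} is not bound to ${url.hostname}`);
      }
      return entry.secret;
    });
  }
  return { ...agentRequest, headers };
}

// Applied to anything returned to the agent (response bodies, error text),
// so an upstream that echoes the credential does not leak it into the session.
function redactForAgent(text) {
  let out = String(text);
  for (const [ref, { secret }] of VAULT) {
    out = out.split(secret).join(`bk://${ref}`);
  }
  return out;
}
```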