[Security]: Gateway password visible in process arguments (ps aux) #27948

@vibewrk

Description

When starting the gateway with openclaw gateway run --password <secret>, the password appears in plaintext in the process argument list, visible to any user on the host via ps aux.

Steps to Reproduce

  1. Start gateway: node openclaw.mjs gateway run --password mysecret
  2. From another terminal: ps aux | grep openclaw
  3. Password is visible in the command line arguments

Expected Behavior

Secrets should not be visible in process arguments. The password should be read from:

  • Environment variable (e.g., OPENCLAW_GATEWAY_PASSWORD)
  • Config file (gateway.auth.token in openclaw.json)
  • stdin

Impact

On shared hosts or in environments where process lists are logged/monitored, gateway credentials are exposed. This is especially relevant in Docker containers where docker inspect or docker top can reveal arguments.

Suggested Fix

  • Read password from environment variable or config file only
  • If CLI flag is kept, mask it in /proc/[pid]/cmdline (or document the risk)
  • Consider --password-stdin pattern (similar to docker login --password-stdin)
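The three secret sources proposed above, implemented as an added JavaScript example; this is not openclaw project code and not part of the reporter's post. The environment variable name OPENCLAW_GATEWAY_PASSWORD and the gateway.auth.token key in openclaw.json are taken from the issue text; the helper names (parseArgs, resolveGatewayPassword, processSources), the minimal argv parser and the injected `sources` object are the example's own assumptions. The function rejects a bare --password value instead of honouring it, since by the time the process runs the value is already in the argument list.

```javascript
// Added example, not openclaw project code: resolve the gateway password from
// sources that never appear in the argument list. Names are hypothetical except
// OPENCLAW_GATEWAY_PASSWORD and gateway.auth.token, which come from the issue.
const ENV_VAR = "OPENCLAW_GATEWAY_PASSWORD";

// Minimal argv parser for the flags this example cares about.
function parseArgs(argv) {
  const opts = { password: null, passwordStdin: false, config: null };
  for (let i = 0; i < argv.length; i++) {
    const a = argv[i];
    if (a === "--password-stdin") opts.passwordStdin = true;
    else if (a === "--password") opts.password = argv[++i] ?? "";
    else if (a.startsWith("--password=")) opts.password = a.slice("--password=".length);
    else if (a === "--config") opts.config = argv[++i] ?? null;
  }
  return opts;
}

// `sources` is injected so the logic runs offline and is unit-testable:
//   env:        object shaped like process.env
//   readConfig: path -> file contents (string), or null if the file is absent
//   readStdin:  () -> full stdin contents (string)
// Precedence: --password-stdin, then the env var, then gateway.auth.token.
function resolveGatewayPassword(argv, sources) {
  const opts = parseArgs(argv);
  if (opts.password !== null) {
    // Refuse outright: the value is already visible in ps aux, so accepting
    // it would only legitimise the leak.
    throw new Error(
      `--password <value> is not accepted because it is visible in the process list; ` +
      `use --password-stdin, ${ENV_VAR}, or gateway.auth.token in the config file`
    );
  }
  if (opts.passwordStdin) {
    // docker login --password-stdin convention: first line, newline stripped.
    const pw = sources.readStdin().split(/\r?\n/, 1)[0];
    if (!pw) throw new Error("--password-stdin given but stdin was empty");
    return { password: pw, source: "stdin" };
  }
  const fromEnv = sources.env[ENV_VAR];
  if (fromEnv) return { password: fromEnv, source: "env" };
  if (opts.config !== null) {
    const text = sources.readConfig(opts.config);
    if (text !== null) {
      const token = JSON.parse(text)?.gateway?.auth?.token;
      if (typeof token === "string" && token.length > 0) {
        return { password: token, source: "config" };
      }
    }
  }
  throw new Error(
    `no gateway password: set ${ENV_VAR}, gateway.auth.token, or pass --password-stdin`
  );
}

// Real I/O for a CLI entry point. Dynamic import keeps this file valid whether
// it is loaded as CommonJS or as an ES module.
async function processSources() {
  const fs = await import("node:fs");
  return {
    env: process.env,
    readConfig: (p) => (fs.existsSync(p) ? fs.readFileSync(p, "utf8") : null),
    // fd 0 is stdin; this blocks until EOF, so the caller must pipe or redirect.
    readStdin: () => fs.readFileSync(0, "utf8"),
  };
}
```

Wired into an entry point as `resolveGatewayPassword(process.argv.slice(2), await processSources())`, the gateway is started with `printf '%s\n' "$SECRET" | node openclaw.mjs gateway run --password-stdin`, and `ps -o args= -p "$PID"` (or `tr '\0' ' ' < /proc/$PID/cmdline`) then shows only the flag, not the value. Two caveats apply to the fallbacks: an environment variable is still readable from /proc/[pid]/environ by the same user and by root, and shows up in `docker inspect` when set with `-e`, so it is an improvement over argv rather than a secret store; and the config file only helps if its mode is restricted (for example 0600) to the account running the gateway.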
