[Bug]: Skill apiKey entries leak as OPENAI_API_KEY env var to ACP harness child processes (Codex CLI uses API billing instead of OAuth)

Summary

When skills like openai-image-gen or openai-whisper-api have an apiKey configured in openclaw.json, OpenClaw exports that key as OPENAI_API_KEY in the process environment. This env var is inherited by all child processes, including ACP harnesses like Codex CLI. Codex sees the API key, ignores its own OAuth authentication (forced_login_method = "chatgpt"), and routes all requests through the OpenAI API — silently incurring charges on the user's API account instead of using the free ChatGPT Plus auth.

Steps to Reproduce

1. Configure a skill with an OpenAI API key in openclaw.json:

   {
     "skills": {
       "entries": {
         "openai-image-gen": {
           "apiKey": "sk-proj-..."
         }
       }
     }
   }

2. Configure Codex CLI with OAuth auth:

   # ~/.codex/config.toml
   forced_login_method = "chatgpt"

3. Verify Codex OAuth works in a clean terminal:

   codex exec "echo hello"
   # → Uses OAuth auth (free via ChatGPT Plus)

4. Spawn Codex via OpenClaw (exec tool or ACP harness):

   # Inside OpenClaw session:
   env | grep OPENAI_API_KEY
   # → OPENAI_API_KEY=sk-proj-... (leaked from skill config)
   
   codex exec "echo hello"
   # → Uses API key billing (charges $$)

Expected Behavior

Skill-specific API keys should not leak into the environment of unrelated child processes. Codex CLI (and other ACP harnesses) should inherit a clean environment without OPENAI_API_KEY, allowing them to use their own configured authentication method (OAuth).

Possible approaches:

• Scope skill env vars: Only inject skill API keys into the environment when actually running that specific skill's commands, not globally
• Allow env exclusion list: Add a config option like acp.excludeEnv: ["OPENAI_API_KEY"] to strip specific env vars before spawning ACP harnesses
• Unset for ACP harnesses: When spawning known ACP harnesses (codex, claude, etc.), automatically strip provider API keys that conflict with their own auth

Actual Behavior

OPENAI_API_KEY from skill entries is present in the environment for all child processes. Codex CLI prioritizes API key over OAuth, silently switching from free ChatGPT Plus auth to paid API billing.

Impact

• Silent cost: Users get charged for API usage they didn't intend (in our case, ~$44 in one session before noticing)
• No warning: There is no indication that Codex switched from OAuth to API auth
• Hard to diagnose: The skill apiKey → env var → Codex inheritance chain is not obvious

Environment

• OpenClaw: 2026.3.2
• Codex CLI: v0.110.0
• OS: macOS (arm64)
• Config: forced_login_method = "chatgpt" in Codex, skill apiKeys in openclaw.json

Workaround

When spawning Codex via exec, prefix with OPENAI_API_KEY=:

OPENAI_API_KEY= codex exec "prompt"

This does not work for ACP sessions spawned via sessions_spawn where env cannot be overridden.

Related

• Surface detected-but-unconfigured provider env vars instead of silently activating them #33328 — Surface detected-but-unconfigured provider env vars
• Implicit provider auto-discovery silently merges with explicit config — can cause unexpected costs and routing #33327 — Implicit provider auto-discovery