Back to plugin

Security audit

AXON

Security checks across malware telemetry and agentic risk

Overview

AXON is a coherent real-money wallet/payment plugin, but its operator mode can move funds, issue keys, and freeze wallets without an artifact-shown confirmation boundary, so it needs review before use.

Install only if you intend to connect OpenClaw to AXON for real-money wallet/payment operations. Keep runtime and operator profiles separate, do not place an operatorDecisionApiKey in worker agents, require human review for all operator actions, and protect any returned runtime keys like passwords.

VirusTotal

47/47 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal, suspicious.install_untrusted_source

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/lib/client.js:122
Evidence
apiKey: [REDACTED],

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
openclaw.plugin.json:63
Evidence
"placeholder": "http://127.0.0.1:3030",