Security audit
Openclaw Plugin
Security checks across malware telemetry and agentic risk
Overview
This plugin is transparent about Kubernetes and optional SSH operations, but it gives an agent broad infrastructure control without strong built-in scoping or confirmations.
Install only if you are comfortable letting an agent operate against the clusters and SSH hosts exposed by your configuration. Use a least-privilege kubeconfig or service account, avoid production cluster-admin credentials, restrict namespaces where possible, prefer SSH keys over passwords, and review @k8s-ops/core before relying on this for production operations.
VirusTotal
65/65 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
