Back to plugin

Security audit

Openclaw Plugin Repo

Security checks across malware telemetry and agentic risk

Overview

This plugin appears purpose-built for Comment.io, but it exposes long-lived agent secrets directly to the model prompt, which users should review before installing.

Review this carefully before installing. Use anonymous mode or a least-privileged, revocable Comment.io agent secret if possible, and assume any configured secret may become visible to the agent, logs, transcripts, or prompt-injection content. Rotate the token if it was pasted into a shared shell or if you no longer trust the agent context.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.