Security audit
LFIT
Security checks across malware telemetry and agentic risk
Overview
This appears to be a local image-generation plugin, but its privacy claims are inconsistent with bundled code paths that can send prompts outside the main plugin process.
Review this before installing if prompt privacy matters. The normal OpenClaw tool is intended for local generation, but avoid sensitive prompts unless you have confirmed the sd-server endpoint is loopback-only, do not run lfit-quick with private prompts, and treat any configured LFIT_BIN or binaryPath as fully trusted local code.
VirusTotal
65/65 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
