Security audit
tomzang_plungin Plugin
Security checks across malware telemetry and agentic risk
Overview
The plugin's code, install script, and runtime instructions are coherent with its stated purpose (intercept LLM requests and call a firewall API); nothing in the bundle requests unrelated credentials or hidden endpoints — but installing it will cause all intercepted user inputs to be sent to whatever firewallUrl you configure, and the installer will modify your OpenClaw config to enable the plugin.
This plugin does what it says: it intercepts LLM requests and sends extracted prompt text to the firewallUrl you configure using the authKey you provide. Before installing: 1) Verify you trust the firewall endpoint and the repository release (the installer downloads releases from GitHub). 2) Back up ~/.openclaw/openclaw.json (installer also creates backups, but double-check). 3) Understand that enabling debug will log request/response previews (potentially sensitive) to OpenClaw logs. 4) Review install.sh and index.js yourself, and only provide authKey to endpoints you control or fully trust. If you need stricter guarantees, run the plugin in a controlled environment or audit the firewall service's handling of submitted content.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
