Back to plugin

Security audit

OpenClaw Kitchen Sink

Security checks across malware telemetry and agentic risk

Overview

This official OpenClaw fixture is broad by design but its behavior is disclosed, credential-free, and aligned with testing the plugin API surface.

Install this mainly if you need OpenClaw plugin API coverage, conformance testing, or example code. Because it intentionally touches many plugin surfaces and hooks, avoid enabling it in sensitive production agent sessions unless you specifically want that fixture behavior active.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/fixtures/text.js:16
Evidence
apiKey: "[REDACTED]",

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/runtime/providers.js:283
Evidence
apiKey: "[REDACTED]",