Security checks across malware telemetry and agentic risk
This workflow orchestration plugin does run and supervise project tasks, but the reviewed artifacts match that purpose and did not show hidden exfiltration or destructive behavior.
Install only if you want an OpenClaw plugin that can orchestrate project tasks and persist workflow history. Keep autopilot disabled or manual-review-only for sensitive work, avoid syncing reports to Obsidian unless that vault is appropriate for project details, and only configure ACP/plugin paths from trusted sources.
await this.stateStore.saveWorkflow(input.projectRoot, reviewResult.workflow);
finalWorkflow = reviewResult.workflow;
}
increments.autoApproveCount += reviewResult.counts.autoApproved;
increments.retryCount += reviewResult.counts.retryQueued;
increments.escalationCount += reviewResult.counts.escalated;
const sessionStore = new SessionStore(this.stateStore.config);await this.stateStore.saveWorkflow(input.projectRoot, reviewResult.workflow);
finalWorkflow = reviewResult.workflow;
}
increments.autoApproveCount += reviewResult.counts.autoApproved;
increments.retryCount += reviewResult.counts.retryQueued;
increments.escalationCount += reviewResult.counts.escalated;
const sessionStore = new SessionStore(this.stateStore.config);? `synced ${syncResult.results.length} active run${syncResult.results.length === 1 ? "" : "s"} (${transitionedCount} transition${transitionedCount === 1 ? "" : "s"})`
: `synced ${syncResult.results.length} active run${syncResult.results.length === 1 ? "" : "s"}`);
}
if (reviewResult.counts.autoApproved > 0) {
summaryParts.push(`auto-approved ${reviewResult.counts.autoApproved} review task${reviewResult.counts.autoApproved === 1 ? "" : "s"}`);
}
if (reviewResult.counts.retryQueued > 0) {: `synced ${syncResult.results.length} active run${syncResult.results.length === 1 ? "" : "s"}`);
}
if (reviewResult.counts.autoApproved > 0) {
summaryParts.push(`auto-approved ${reviewResult.counts.autoApproved} review task${reviewResult.counts.autoApproved === 1 ? "" : "s"}`);
}
if (reviewResult.counts.retryQueued > 0) {
summaryParts.push(`re-queued ${reviewResult.counts.retryQueued} rejected review task${reviewResult.counts.retryQueued === 1 ? "" : "s"}`);: `synced ${syncResult.results.length} active run${syncResult.results.length === 1 ? "" : "s"}`);
}
if (reviewResult.counts.autoApproved > 0) {
summaryParts.push(`auto-approved ${reviewResult.counts.autoApproved} review task${reviewResult.counts.autoApproved === 1 ? "" : "s"}`);
}
if (reviewResult.counts.retryQueued > 0) {
summaryParts.push(`re-queued ${reviewResult.counts.retryQueued} rejected review task${reviewResult.counts.retryQueued === 1 ? "" : "s"}`);: `synced ${syncResult.results.length} active run${syncResult.results.length === 1 ? "" : "s"}`);
}
if (reviewResult.counts.autoApproved > 0) {
summaryParts.push(`auto-approved ${reviewResult.counts.autoApproved} review task${reviewResult.counts.autoApproved === 1 ? "" : "s"}`);
}
if (reviewResult.counts.retryQueued > 0) {
summaryParts.push(`re-queued ${reviewResult.counts.retryQueued} rejected review task${reviewResult.counts.retryQueued === 1 ? "" : "s"}`);workflow: nextWorkflow,
decisions,
counts: {
autoApproved: decisions.filter((decision) => decision.decision === "approve").length,
retryQueued: decisions.filter((decision) => decision.decision === "reject" && decision.finalStatus === "ready").length,
rejectedBlocked: decisions.filter((decision) => decision.decision === "reject" && decision.finalStatus === "blocked").length,
escalated: decisions.filter((decision) => decision.decision === "escalate").length,66/66 vendors flagged this plugin as clean.