Security audit
QNAIGC API
Security checks across malware telemetry and agentic risk
Overview
This plugin is internally consistent: it registers an OpenClaw provider that uses a single QNAIGC API key and contains no extraneous installs, files, or unexpected credential requests.
This plugin appears to do what it claims: enable QNAIGC models via an API key. Before installing, confirm you trust the QNAIGC service and where you obtain the key (README points to qiniu.com while the plugin talks to https://anthropic.qnaigc.com). Only provide a key with the minimum needed permissions, consider using a dedicated/rotatable key, and remove it if you no longer use the plugin. Because the agent can call installed providers autonomously (normal behavior), only install providers you trust.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
