Security audit
Strake
Security checks across malware telemetry and agentic risk
Overview
This plugin appears to do what it says: it registers Strake as an OpenClaw model provider and uses a Strake endpoint and token to proxy model requests.
This looks like a legitimate provider plugin, not a malicious skill. Before installing, make sure you trust Strake to hold the upstream API key, verify the STRAKE_BASE_URL value, and prefer short-lived or easily revocable tokens rather than long-lived secrets in shell profiles.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
