Back to plugin

Security audit

My Egg

Security checks across malware telemetry and agentic risk

Overview

The plugin’s purpose is coherent, but it needs a bearer token and delegates to file, terminal, SSH, and summary agents while the referenced executable plugin code is not included for review.

Review this plugin before installing. Confirm the package includes the actual reviewed dist/source files, use a least-privilege agent-service token, keep the service URLs local or trusted, and test with dryRun or skip flags before allowing it to run the full workflow.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
openclaw.plugin.json:13
Evidence
"default": "http://127.0.0.1:8010"