Back to plugin

Security audit

UniGateway

Security checks across malware telemetry and agentic risk

Overview

This is a coherent UniGateway LLM provider plugin; the main risks are ordinary API-key handling and broad dynamic model access, not hidden or malicious behavior.

Before installing, confirm you trust UniGateway to receive prompts and model traffic, prefer setting UNIGATEWAY_API_KEY through the environment or OpenClaw's secret prompt instead of putting the raw key directly on the command line, and monitor which UniGateway models are used because dynamic model discovery may expose models with different cost or policy characteristics.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/index.js:68
Evidence
const apiKey = [REDACTED](PROVIDER_ID).apiKey;

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
index.ts:75
Evidence
const apiKey = [REDACTED](PROVIDER_ID).apiKey;