Security audit
openclaw power pack
Security checks across malware telemetry and agentic risk
Overview
The pack is broadly consistent with an OpenClaw automation installer, but it sets up persistent scheduled agent behavior and encourages storing sensitive credentials in agent-readable files without tight scope controls.
Before installing, review the Python installer and choose the most limited setup mode. Do not add real passwords or tokens to TOOLS.md, and disable or carefully review cron and heartbeat jobs that can run agents or update MEMORY.md automatically.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
