Back to plugin

Security audit

Buddy

Security checks across malware telemetry and agentic risk

Overview

Buddy mostly matches its voice-to-agent purpose, but it persistently changes gateway hook settings so voice requests can trigger agent turns, which needs review before use.

Install only if you intentionally want a remote voice endpoint that can start agent turns. Keep the gateway private, use and rotate strong tokens, review OpenClaw hooks configuration after install, choose transcription providers carefully, and plan cleanup for stored audio clips.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
README.md:77
Evidence
authToken: "[REDACTED]",