Back to plugin

Security audit

TikTok API

Security checks across malware telemetry and agentic risk

Overview

The package is a disclosed ClawHub/OpenClaw CLI whose file, network, token, and moderation capabilities match its stated purpose.

Install only if you want this CLI to manage ClawHub/OpenClaw skills and packages. Logging in stores an API token locally, and publish/sync commands can upload selected local files; review targets carefully before using --force or --yes.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
index.js:231
Evidence
const apiKey = [REDACTED] || readAgntConfig()?.apiKey