Install source points to URL shortener or raw IP.
- Code
- suspicious.install_untrusted_source
- Location
- openclaw.plugin.json:24
- Evidence
"default": "http://127.0.0.1:3015"
Security audit
Security checks across malware telemetry and agentic risk
This skill appears to do what it claims: select models using ModelHunt data, estimate costs, and invoke or install models through AI2Apps, with no unrelated credential requests.
This looks internally coherent for a model-selection and inference plugin. Before installing, confirm that you trust the configured endpoints, especially the AI2Apps inference URL, because generated-task prompts will be sent there when the tool invokes a model. Also note that the code logs request bodies and streaming responses, which may include prompts and generated content, so avoid using it with sensitive data unless you are comfortable with those logs. The visible source has some minor documentation/schema mismatches, but they look like functional quality issues rather than hidden unrelated behavior.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.install_untrusted_source
"default": "http://127.0.0.1:3015"