Back to plugin

Security audit

Context Meter

Security checks across malware telemetry and agentic risk

Overview

This plugin appears to do what it claims: read OpenClaw session token usage and send a small context-usage footer to Telegram.

This looks internally coherent for a context-meter plugin. Before installing, be aware that it can read OpenClaw session state files to find token counts and can send messages using your Telegram bot token, because those are necessary for its advertised function. Prefer installing from the trusted registry/source and consider pinning the version if following the manual npm instructions.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.potential_exfiltration

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
index.ts:72
Evidence
return process.env.OPENCLAW_STATE_DIR ?? join(process.env.HOME ?? "/root", ".openclaw");

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
index.ts:204
Evidence
const sessions: Record<string, any> = JSON.parse(readFileSync(sessionsFile, "utf8"));