Back to plugin

Security audit

claw-sentinel

Security checks across malware telemetry and agentic risk

Overview

This governance plugin is mostly purpose-aligned, but it includes a setup routine that directly changes local OpenClaw authorization files and restarts the gateway without a clear approval or rollback flow.

Review before installing. The core plugin behavior is coherent for cost control and DLP, and VirusTotal is clean, but the bundled setup routine should not be used unless you are comfortable with it changing OpenClaw device permission files, clearing pending approvals, and restarting the gateway. Prefer a version that removes direct authorization-file patching or uses the normal OpenClaw approval flow with confirmation, backup, and rollback.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/bin/setup.js:34
Evidence
execSync("openclaw gateway restart", { stdio: "inherit" });