Back to plugin

Security audit

Openclaw Interven Guard

Security checks across malware telemetry and agentic risk

Overview

The plugin's code, docs, and runtime instructions are internally consistent with its stated purpose of forwarding outbound tool-call metadata to an Interven scan gateway and enforcing ALLOW/DENY/SANITIZE/REQUIRE_APPROVAL decisions.

This plugin appears to do what it says: it forwards outbound tool-call metadata to an Interven gateway for policy decisions and enforces ALLOW/DENY/SANITIZE/REQUIRE_APPROVAL. Before installing: 1) Decide whether you want global coverage — guardAllTools defaults to true and will send parameters for third‑party/future tools to the gateway; if that risks exposing secrets, set guardedTools to a minimal list (e.g., ["web_fetch"]). 2) Protect the Interven API key in ~/.openclaw/openclaw.json (file perms, do not commit to git), or consider self‑hosting Interven via gatewayUrl for sensitive environments. 3) Understand the approval flow: REQUIRE_APPROVAL is a hard block that expects a separate security analyst to approve in the Interven console before retrying. 4) If you need absolute assurance about exactly which fields are transmitted, review index.ts’s payload builders (they are included) or run the plugin in a staging environment to observe the scan payloads. If you want narrower data‑sharing, do not enable guardAllTools and scope guardedTools to the minimal set needed.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.