Security audit
Telegram Footer Plugin
Security checks across malware telemetry and agentic risk
Overview
The plugin's code and instructions match its stated purpose (appending a compact Telegram footer) and it does not contact external endpoints or request credentials, but it reads local OpenClaw session/transcript files (user home) which is a privacy-sensitive action that should be understood before enabling.
This plugin appears to do what it claims: precompute and append a compact Telegram footer by reading outgoing assistant messages and (when needed) the tail of local OpenClaw session files. It does not contact external servers or ask for keys. Before installing: 1) Understand that it reads session/transcript files under your home directory (~/.openclaw/agents/.../sessions/*.jsonl) which may contain sensitive message content — if you are concerned about privacy, review the code yourself or run it in a test agent. 2) Confirm you trust the publisher (C-Joey) and are comfortable granting the plugin access to local session data. 3) Consider asking the author to document the config path requirement in registry metadata (so the access is explicit). 4) Enable the plugin in a limited configuration (directOnly: true, channels: ['telegram']) and test with non-sensitive data first; disable if unexpected behavior appears.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
