Back to plugin

Security audit

Carbonvoice Openclaw Extension 2026.5.14.Tgz

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Carbon Voice channel plugin, but it uses a Carbon Voice token and can read, reply to, and acknowledge Carbon Voice messages when enabled.

Install only if you intend OpenClaw to operate as a Carbon Voice channel. Use a dedicated Carbon Voice agent PAT, verify the API base URL and webhook URL, restrict inbound senders with `creatorId` if appropriate, and consider removing or checking the bundled older `.tgz` archive before deployment.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.