Security audit
Carbonvoice Openclaw Extension 2026.5.14.Tgz
Security checks across malware telemetry and agentic risk
Overview
This appears to be a legitimate Carbon Voice channel plugin, but it uses a Carbon Voice token and can read, reply to, and acknowledge Carbon Voice messages when enabled.
Install only if you intend OpenClaw to operate as a Carbon Voice channel. Use a dedicated Carbon Voice agent PAT, verify the API base URL and webhook URL, restrict inbound senders with `creatorId` if appropriate, and consider removing or checking the bundled older `.tgz` archive before deployment.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
