Back to plugin

Security audit

Nebius Token Factory

Security checks across malware telemetry and agentic risk

Overview

No malicious behavior is evident; this appears to be a normal Nebius model-provider plugin, but it stores a Nebius API key and changes persistent OpenClaw configuration.

Before installing, confirm you trust this ClawHub package and Nebius as the model provider. Use a dedicated API key, protect the auth profile file, preserve any existing OpenClaw plugin allowlist entries, and verify whether your installation uses the `nebius/` or `tokenfactory/` model prefix.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.