Security audit
Nebius Token Factory
Security checks across malware telemetry and agentic risk
Overview
No malicious behavior is evident; this appears to be a normal Nebius model-provider plugin, but it stores a Nebius API key and changes persistent OpenClaw configuration.
Before installing, confirm you trust this ClawHub package and Nebius as the model provider. Use a dedicated API key, protect the auth profile file, preserve any existing OpenClaw plugin allowlist entries, and verify whether your installation uses the `nebius/` or `tokenfactory/` model prefix.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
