Security audit
Openclaw Plugin Repo
Security checks across malware telemetry and agentic risk
Overview
This plugin appears purpose-built for Comment.io, but it exposes long-lived agent secrets directly to the model prompt, which users should review before installing.
Review this carefully before installing. Use anonymous mode or a least-privileged, revocable Comment.io agent secret if possible, and assume any configured secret may become visible to the agent, logs, transcripts, or prompt-injection content. Rotate the token if it was pasted into a shared shell or if you no longer trust the agent context.
VirusTotal
61/61 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
