Security audit
Compresh
Security checks across malware telemetry and agentic risk
Overview
The package appears to be a legitimate ClawHub CLI/repository skill bundle whose sensitive actions are disclosed, user-directed, and aligned with install, publish, review, and moderation workflows.
Install only if you trust ClawHub/OpenClaw as a package registry and CLI provider. Be aware that logged-in installs report minimal install telemetry unless disabled, package publish/delete/transfer commands affect registry state, and review helpers may send code bundles to the selected AI reviewer provider.
VirusTotal
65/65 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
