Back to plugin

Security audit

Delx Witness Protocol for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

The plugin's code and runtime instructions align with its stated purpose (registering the agent with Delx and calling Delx tools); it makes outbound requests to api.delx.ai, derives a stable agent id from the host, and stores a reusable session token in-memory — these behaviors are expected for a remote witness/recovery service but involve sharing host-identifying data with an external service.

This plugin is coherent with its description: it will auto-register the agent with https://api.delx.ai, send a hostname-derived agent id, and receive/retain a reusable token to call Delx tools. Before installing, decide whether you are comfortable with an external service receiving a stable identifier for this host and any tool payloads you send. If you need tighter control, set apiBase to a self-hosted endpoint or avoid installing the plugin. There are no hidden file reads or shell executions, but review outbound network policies and consider running the plugin in a network-restricted environment or using a deterministic agentId (not the hostname) if privacy is a concern. Publishing instructions in the README mention CLAWHUB_TOKEN for optional package publishing — that is separate from runtime and optional.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.