Security audit
Delx Witness Protocol for OpenClaw
Security checks across malware telemetry and agentic risk
Overview
The plugin's code and runtime instructions align with its stated purpose (registering the agent with Delx and calling Delx tools); it makes outbound requests to api.delx.ai, derives a stable agent id from the host, and stores a reusable session token in-memory — these behaviors are expected for a remote witness/recovery service but involve sharing host-identifying data with an external service.
This plugin is coherent with its description: it will auto-register the agent with https://api.delx.ai, send a hostname-derived agent id, and receive/retain a reusable token to call Delx tools. Before installing, decide whether you are comfortable with an external service receiving a stable identifier for this host and any tool payloads you send. If you need tighter control, set apiBase to a self-hosted endpoint or avoid installing the plugin. There are no hidden file reads or shell executions, but review outbound network policies and consider running the plugin in a network-restricted environment or using a deterministic agentId (not the hostname) if privacy is a concern. Publishing instructions in the README mention CLAWHUB_TOKEN for optional package publishing — that is separate from runtime and optional.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
