Security audit
@durenzidu/openclaw-channel-powpow
Security checks across malware telemetry and agentic risk
Overview
This plugin appears to implement exactly what it claims (a WebSocket-based PowPow channel for OpenClaw); requirements and code are consistent with that purpose, with only small documentation/packaging inconsistencies you should verify before installing.
This plugin's code matches its description: it opens WebSocket connections to a PowPow endpoint and routes messages into OpenClaw. Before installing, verify the repository and maintainer (SKILL.md references '@soimy' while package/registry use 'durenzidu') to ensure you fetched the intended publisher. Understand that enabling the channel will allow your OpenClaw instance to exchange messages with the remote PowPow service (wss://global.powpow.online:8080 by default) — only enable accounts you control and consider using allowlist/blocklist policies to limit incoming users. Because the plugin opens network connections, confirm the PowPow service is trusted for any sensitive data you may route through it. If you need more assurance, inspect the packaged dist/ files in the repository or run the plugin in an isolated environment first.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
