Security audit
EdgeOps
Security checks across malware telemetry and agentic risk
Overview
This is a legitimate-looking EdgeOps administration plugin, but it gives an agent broad remote operations power, including SSH, remote file writes, prompt/config changes, and server-defined dynamic tools, without enough local guardrails shown in the package.
Install only if you trust the EdgeOps server configured by baseUrl and the operators who control its manifest. Use a least-privilege EdgeOps token, prefer a self-hosted or verified base URL, restrict which agents can use claw-ops, and review dynamic tools before allowing the agent to perform SSH, file-write, or prompt-update actions.
VirusTotal
65/65 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
