Back to plugin

Security audit

Compakt

Security checks across malware telemetry and agentic risk

Overview

The plugin's code, configuration, and runtime instructions are consistent with its stated purpose (chunked context compaction for local LLMs); no disproportionate credentials, secret access, or unexpected network endpoints were found.

This plugin appears to be what it says: a local compaction provider that summarizes conversation chunks using a local Ollama model. Before installing: 1) Verify you are installing the package from the intended source (the project repo / npm package) since the registry metadata labels it instruction-only despite included dist/ and package.json files. 2) Confirm you run a local Ollama instance (127.0.0.1:11434 by default) and that the compaction model you configure (summaryModel) exists locally — the plugin will call that local HTTP API. 3) The included CLI edits ~/.openclaw/openclaw.json; the CLI creates a timestamped backup but inspect the backup and resulting config after running. 4) Review the dist/ sources (they are provided) if you want to verify behavior yourself; no secrets are requested by the plugin. 5) As with any plugin that can be invoked autonomously, consider enabling it only for test agents initially and monitor logs for unexpected external calls (there are none documented beyond the local Ollama endpoint).

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.