Security audit
Compakt
Security checks across malware telemetry and agentic risk
Overview
The plugin's code, configuration, and runtime instructions are consistent with its stated purpose (chunked context compaction for local LLMs); no disproportionate credentials, secret access, or unexpected network endpoints were found.
This plugin appears to be what it says: a local compaction provider that summarizes conversation chunks using a local Ollama model. Before installing: 1) Verify you are installing the package from the intended source (the project repo / npm package) since the registry metadata labels it instruction-only despite included dist/ and package.json files. 2) Confirm you run a local Ollama instance (127.0.0.1:11434 by default) and that the compaction model you configure (summaryModel) exists locally — the plugin will call that local HTTP API. 3) The included CLI edits ~/.openclaw/openclaw.json; the CLI creates a timestamped backup but inspect the backup and resulting config after running. 4) Review the dist/ sources (they are provided) if you want to verify behavior yourself; no secrets are requested by the plugin. 5) As with any plugin that can be invoked autonomously, consider enabling it only for test agents initially and monitor logs for unexpected external calls (there are none documented beyond the local Ollama endpoint).
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
