Security audit
AgentKit
Security checks across malware telemetry and agentic risk
Overview
AgentKit appears to be a disclosed beta approval plugin, but it can control protected-tool approvals and store temporary trust grants, so it should be configured carefully.
This looks consistent with a World/AgentKit human-approval plugin rather than malicious behavior. Before installing, confirm you are using a compatible OpenClaw build, configure only the protected tools you intend, prefer allow-once or short session-scoped grants for sensitive actions, keep signing keys and private keys out of repositories, and verify any broker or gateway URLs you configure.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
