Back to plugin

Security audit

AgentKit

Security checks across malware telemetry and agentic risk

Overview

AgentKit appears to be a disclosed beta approval plugin, but it can control protected-tool approvals and store temporary trust grants, so it should be configured carefully.

This looks consistent with a World/AgentKit human-approval plugin rather than malicious behavior. Before installing, confirm you are using a compatible OpenClaw build, configure only the protected tools you intend, prefer allow-once or short session-scoped grants for sensitive actions, keep signing keys and private keys out of repositories, and verify any broker or gateway URLs you configure.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.