Back to plugin

Security audit

ClawNexus

Security checks across malware telemetry and agentic risk

Overview

ClawNexus matches a team RAG purpose, but it includes automatic conversation collection and sharing with an external LLM and configured team server, which needs careful review before use.

Install only in a trusted team environment. Before enabling it, confirm the serverUrl, secret, and LLM endpoints, avoid using it in chats containing secrets or sensitive client data, and ask for clear opt-out, redaction, retention, and access-control settings.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.js:46
Evidence
apiKey: cfg.llmApiKey ?? process.env.DASHSCOPE_API_KEY ?? ""