Security audit
Plugin
Security checks across malware telemetry and agentic risk
Overview
This plugin's code, config schema, and requested secrets are coherent with its stated purpose (connecting OpenClaw to WhatsApp via an imBee routing service); nothing in the bundle indicates unexplained access or hidden exfiltration.
This plugin behaves as an OpenClaw channel adapter that connects to an imBee routing server you configure. Before installing: - Only set routingBaseUrl to a server you trust; the plugin will send your configured apiKey and message payloads to that server. An attacker-controlled routingBaseUrl could exfiltrate messages or the apiKey. - Store the apiKey in OpenClaw's secrets or otherwise treat it as sensitive; the plugin includes it in Authorization headers when connecting. - The SKILL.md provided is just package metadata; review the source files (present in the package) to verify behavior and trustworthiness (e.g., check the repository and author). - If you require a higher assurance, verify the plugin package signature or review the upstream GitHub repo and the imBee service terms before enabling in production.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
