Security audit
RustFix
Security checks across malware telemetry and agentic risk
Overview
The plugin's code and runtime instructions match its Rust error-explainer purpose; no credentials or external endpoints are requested, but a large package-lock and the plugin's auto-detection hook are worth reviewing before install.
This plugin is coherent with its stated purpose and doesn't request secrets or external network calls in its source. Before installing: 1) Confirm how OpenClaw installs plugins — if it runs npm install, the included package-lock.json contains many large dependencies (AWS/Anthropic SDKs) that are not referenced by the plugin code; consider asking the author to prune or explain the lockfile. 2) Be aware the plugin's auto-detection hook will scan string outputs from other tools and append explanations automatically — if you prefer manual invocation, avoid enabling or remove/disable the hook. 3) If you have privacy concerns, audit or run the code locally (npm test passes) to verify no network exfiltration occurs; the current code performs only local parsing/formatting and looks safe. If you want higher assurance, request that the maintainer publish a minimized lockfile or a build artifact that excludes unrelated dependencies.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
