Back to plugin

Security audit

RustFix

Security checks across malware telemetry and agentic risk

Overview

The plugin's code and runtime instructions match its Rust error-explainer purpose; no credentials or external endpoints are requested, but a large package-lock and the plugin's auto-detection hook are worth reviewing before install.

This plugin is coherent with its stated purpose and doesn't request secrets or external network calls in its source. Before installing: 1) Confirm how OpenClaw installs plugins — if it runs npm install, the included package-lock.json contains many large dependencies (AWS/Anthropic SDKs) that are not referenced by the plugin code; consider asking the author to prune or explain the lockfile. 2) Be aware the plugin's auto-detection hook will scan string outputs from other tools and append explanations automatically — if you prefer manual invocation, avoid enabling or remove/disable the hook. 3) If you have privacy concerns, audit or run the code locally (npm test passes) to verify no network exfiltration occurs; the current code performs only local parsing/formatting and looks safe. If you want higher assurance, request that the maintainer publish a minimized lockfile or a build artifact that excludes unrelated dependencies.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.