Security audit
Database
Security checks across malware telemetry and agentic risk
Overview
The plugin's code, instructions, and config are coherent with a local SQLite database tool and do not request unrelated credentials or network access.
This plugin appears to be what it claims: a local SQLite manager. Before installing: (1) choose or review the configured storagePath — don't point it at an existing sensitive file or directory; (2) be aware npm install will fetch transitive dependencies listed in package-lock (review package-lock if you want to audit exact dependencies); (3) the plugin will create and write the SQLite file under your home path and requires restarting the OpenClaw gateway to enable; and (4) because plugins can be invoked by agents, only enable it in agent environments you trust. If you need stronger isolation, run OpenClaw and this plugin in a separate user/VM/container.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
