Back to plugin

Security audit

OpenRouter Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenRouter search plugin that sends user search queries to OpenRouter and uses an OpenRouter API key for that purpose.

Install only if you are comfortable sending search queries, optional location hints, and returned raw OpenRouter payloads through OpenRouter, and if you accept that each tool run may use OpenRouter credits. Avoid entering sensitive prompts unless your OpenRouter account and logging/retention expectations are appropriate for that data.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/perplexity.js:86
Evidence
const configPath = process.env.OPENCLAW_CONFIG ?? path.join(os.homedir(), ".openclaw", "openclaw.json");

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/x-search.js:107
Evidence
const configPath = process.env.OPENCLAW_CONFIG ?? path.join(os.homedir(), ".openclaw", "openclaw.json");