Security audit
KaiporaLabs OpenClaw Observability
Security checks across malware telemetry and agentic risk
Overview
This appears to do what it claims: it records OpenClaw tool/model activity and exports it to a file or webhook that the user configures.
This looks internally coherent, but observability plugins can capture sensitive prompts, tool inputs, tool outputs, errors, and session metadata. Only enable the file exporter to a location you control, and only enable the webhook exporter with an endpoint you trust. Review the redaction keys and disable hooks you do not need, especially session or agent lifecycle hooks if your sessions may contain private data.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
