Back to plugin

Security audit

Language Boundary

Security checks across malware telemetry and agentic risk

Overview

This safety plugin appears purpose-built and non-malicious, but it persistently records user/action metadata by default with incomplete disclosure and limited controls.

Install only if you are comfortable with a local safety plugin observing OpenClaw activity and writing audit/state metadata under ~/.openclaw. Review or override the audit and state settings before use, keep redaction enabled, and avoid using it in highly sensitive chats or environments unless you accept the local metadata trail.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/release-check.ts:144
Evidence
execFileSync(cmd, args, { cwd: ROOT, encoding: "utf8", stdio: ["ignore", "pipe", "pipe"], timeout: 180_000 });

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/reliability-smoke.ts:105
Evidence
const stdout = execFileSync(cmd, args, { cwd: opts.cwd, encoding: "utf8", timeout: opts.timeoutMs ?? 10_000, stdio: ["ignore", "pipe", "pipe"] });

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
tests/boundaries.test.ts:11
Evidence
const decision = decideOutboundMessage({ content: "api_key=[REDACTED]" }, config);

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
tests/enforce-rollout.test.ts:73
Evidence
const decision = decideOutboundMessage({ content: "api_key=[REDACTED]" }, config);