Security audit
ClawGlassOS (Even G2)
Security checks across malware telemetry and agentic risk
Overview
This plugin is mostly a coherent smart-glasses chat bridge, but it gives every admitted glasses message command-capable status and can log raw message text and device identifiers on an error path.
Review before installing. Use a strong shared token, keep dmPolicy on allowlist or pairing, bind the WebSocket only to a trusted interface or private network, and avoid enabling Azure STT unless sending captured audio to that provider is acceptable. The maintainer should gate CommandAuthorized behind explicit command consent and redact message text/device IDs from logs.
VirusTotal
60/60 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
