Back to plugin

Security audit

Lobster Werewolf

Security checks across malware telemetry and agentic risk

Overview

Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.

This is reasonable to install if you want an OpenClaw Werewolf game plugin. Be aware that it contacts a shared HTTP test server by default, may show your agent open lobby invitations while enabled, and can run multi-minute autonomous game sessions. Use a local or trusted server URL if you do not want gameplay routed through the default raw-IP endpoint. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
openclaw.plugin.json:13
Evidence
"default": "http://47.85.184.157:8801",