Back to plugin

Security audit

Meta Footer

Security checks across malware telemetry and agentic risk

Overview

The plugin's code and runtime instructions match its stated purpose (appending model/usage metadata to replies); it reads local OpenClaw config/session files but does not request external credentials or make network calls beyond the OpenClaw runtime hooks.

This plugin appears to do what it says, but consider these practical risks before installing: (1) it appends model/provider and token usage details into outgoing Telegram messages — that can leak internal model/provider choices and usage stats to chat participants (especially in group chats); (2) it reads your local OpenClaw sessions.json (from ~/.openclaw) to obtain compactionCount and reasoningLevel — the code only exposes those two fields in the footer, but it still reads the entire sessions file locally; (3) it logs info via api.logger (check your logging configuration if logs are shared). If you accept those privacy trade-offs, the plugin is coherent. If not, do not enable it in public/group channels or inspect/modify the code to remove fields you don't want exposed (for example, remove model/provider or token counts).

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.