Security audit
Meta Footer
Security checks across malware telemetry and agentic risk
Overview
The plugin's code and runtime instructions match its stated purpose (appending model/usage metadata to replies); it reads local OpenClaw config/session files but does not request external credentials or make network calls beyond the OpenClaw runtime hooks.
This plugin appears to do what it says, but consider these practical risks before installing: (1) it appends model/provider and token usage details into outgoing Telegram messages — that can leak internal model/provider choices and usage stats to chat participants (especially in group chats); (2) it reads your local OpenClaw sessions.json (from ~/.openclaw) to obtain compactionCount and reasoningLevel — the code only exposes those two fields in the footer, but it still reads the entire sessions file locally; (3) it logs info via api.logger (check your logging configuration if logs are shared). If you accept those privacy trade-offs, the plugin is coherent. If not, do not enable it in public/group channels or inspect/modify the code to remove fields you don't want exposed (for example, remove model/provider or token counts).
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
