Back to plugin

Security audit

ManageLM

Security checks across malware telemetry and agentic risk

Overview

The plugin's code, instructions, and requested configuration are consistent with a ManageLM portal integration that requires an API key and gateway configuration; nothing in the package appears disproportionate to its stated server-management purpose.

This plugin appears to do what it says: it forwards commands and queries between OpenClaw and a ManageLM portal using an API key stored in plugin config. Before installing: (1) Only install if you trust ManageLM (or your self-hosted portal); the plugin can trigger tasks on your servers via the portal. (2) Create and use a scoped API key with the minimum permissions required. (3) Prefer enabling only the specific managelm tools you need rather than setting tools.profile="full" if possible. (4) If you enable webhooks, set the webhookSecret and verify that the gateway endpoint /managelm/webhook is properly restricted. (5) Review the included dist/index.js (already present in the package) and consider hosting the portal yourself if you need stronger audit/control. (6) Monitor gateway and portal logs after enabling the plugin. If you need higher assurance, request the plugin source or an independent code audit.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.