Back to plugin

Security audit

Merge Agent Handler

Security checks across malware telemetry and agentic risk

Overview

This plugin appears to do what it claims: set up Merge's CLI so OpenClaw can use enterprise tool connectors on the user's behalf.

This looks internally consistent, but it is powerful by design. After OAuth setup, OpenClaw may be able to act through Merge-connected services such as Jira, Slack, Salesforce, GitHub, Workday, and others depending on what you authorize. Only install it if you trust Merge's CLI/package and are comfortable granting the agent access to those enterprise accounts.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.