Back to plugin

Security audit

PLaMo Provider

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed PLaMo model-provider plugin that uses a PLaMo API key to send model requests to the configured provider endpoint.

Install only if you intend OpenClaw to route prompts and responses through Preferred Networks PLaMo. Provide PLAMO_API_KEY through OpenClaw’s normal onboarding or environment flow, and be careful with any custom provider endpoint override because it can change where model traffic is sent.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/index.js:77
Evidence
apiKey: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/provider-catalog.js:70
Evidence
const apiKey = [REDACTED](PROVIDER_ID).apiKey ?? ctx.resolveProviderApiKey(PROVIDER_ID).apiKey;

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/stream.js:848
Evidence
const apiKey = [REDACTED](model, options);