Back to plugin

Security audit

Thalamus (plugin shim)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward OpenClaw shim for Thalamus, but the real functionality comes from a separate npm package that should be reviewed separately.

The shim itself looks coherent and minimal. The main thing to check before installing is the separate `openclaw-thalamus` npm package, because that package provides the MCP server, CLI, and optional dashboard that will actually run. If you trust that upstream package and expect a local Thalamus MCP server to be added to OpenClaw, the requested behavior matches the stated purpose.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.