Security audit
Thalamus (plugin shim)
Security checks across malware telemetry and agentic risk
Overview
This appears to be a straightforward OpenClaw shim for Thalamus, but the real functionality comes from a separate npm package that should be reviewed separately.
The shim itself looks coherent and minimal. The main thing to check before installing is the separate `openclaw-thalamus` npm package, because that package provides the MCP server, CLI, and optional dashboard that will actually run. If you trust that upstream package and expect a local Thalamus MCP server to be added to OpenClaw, the requested behavior matches the stated purpose.
VirusTotal
60/60 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
