Security audit
Mediaclaw Plugin
Security checks across malware telemetry and agentic risk
Overview
The media-generation plugin is mostly purpose-aligned, but it may log provider API keys from capability overrides, so it needs review before use.
Install only if you trust the provider endpoints and local media processing. Before using provider keys, ask the publisher to redact config logging or avoid putting apiKey values in capability-level overrides; if keys may already have been logged, rotate them. Use a dedicated workspace/output folder and review any persistent AVATAR preference files.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
