Back to plugin

Security audit

tomzang_plungin Plugin

Security checks across malware telemetry and agentic risk

Overview

The plugin's code, install script, and runtime instructions are coherent with its stated purpose (intercept LLM requests and call a firewall API); nothing in the bundle requests unrelated credentials or hidden endpoints — but installing it will cause all intercepted user inputs to be sent to whatever firewallUrl you configure, and the installer will modify your OpenClaw config to enable the plugin.

This plugin does what it says: it intercepts LLM requests and sends extracted prompt text to the firewallUrl you configure using the authKey you provide. Before installing: 1) Verify you trust the firewall endpoint and the repository release (the installer downloads releases from GitHub). 2) Back up ~/.openclaw/openclaw.json (installer also creates backups, but double-check). 3) Understand that enabling debug will log request/response previews (potentially sensitive) to OpenClaw logs. 4) Review install.sh and index.js yourself, and only provide authKey to endpoints you control or fully trust. If you need stricter guarantees, run the plugin in a controlled environment or audit the firewall service's handling of submitted content.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.