Security audit
OctoGlyphs
Security checks across malware telemetry and agentic risk
Overview
The plugin is mostly a local OctoGlyphs companion game, but it subscribes to a message hook that its own documentation says should be forbidden for privacy reasons.
Review before installing if your OpenClaw sessions may contain sensitive prompts or private work. The plugin appears designed to send only sanitized metadata to a local companion, but it currently subscribes to `message_received`, which its own documentation identifies as a forbidden content-bearing hook. Ask the publisher to remove that hook or clearly document why it is safe before using it on confidential projects.
VirusTotal
62/62 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
