Security audit
Zalo Personal
Security checks across malware telemetry and agentic risk
Overview
This official OpenClaw plugin does what it says: it connects a user-approved Zalo personal account to OpenClaw for messaging, with disclosed local session storage and access controls.
Install only if you are comfortable letting OpenClaw automate your Zalo personal account. Treat the saved Zalo session as sensitive, keep dmPolicy on pairing or allowlist unless you intentionally want open access, prefer numeric group/user IDs over name matching, and remember the README warns this unofficial automation may risk Zalo account suspension.
VirusTotal
61/61 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
