Back to plugin

Security audit

Coven ACP Runtime

Security checks across malware telemetry and agentic risk

Overview

This package is an internally consistent, opt-in OpenClaw plugin that forwards ACP sessions to a local Coven daemon over a Unix socket and does not request unrelated credentials or perform surprising installs.

This plugin appears to do exactly what it claims: route OpenClaw ACP sessions through a local Coven daemon at ~/.coven/coven.sock. Before installing: (1) only enable the plugin if you run or trust a local Coven daemon — the daemon will receive projectRoot and cwd and may access repository files; (2) prefer the default socket path and keep covenHome owned and private (the code validates ownership and rejects symlinks and world/group-writable directories); (3) install from the official ClawHub release or the Coven repo and review the Coven daemon code if you don't already trust it; (4) note that fallback to the direct ACP backend is off by default — enable allowFallback only if you understand the behavior. Overall this package is coherent with its stated purpose.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.