Security audit
Coven ACP Runtime
Security checks across malware telemetry and agentic risk
Overview
This package is an internally consistent, opt-in OpenClaw plugin that forwards ACP sessions to a local Coven daemon over a Unix socket and does not request unrelated credentials or perform surprising installs.
This plugin appears to do exactly what it claims: route OpenClaw ACP sessions through a local Coven daemon at ~/.coven/coven.sock. Before installing: (1) only enable the plugin if you run or trust a local Coven daemon — the daemon will receive projectRoot and cwd and may access repository files; (2) prefer the default socket path and keep covenHome owned and private (the code validates ownership and rejects symlinks and world/group-writable directories); (3) install from the official ClawHub release or the Coven repo and review the Coven daemon code if you don't already trust it; (4) note that fallback to the direct ACP backend is off by default — enable allowFallback only if you understand the behavior. Overall this package is coherent with its stated purpose.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
