Back to plugin

Security audit

Opik

Security checks across malware telemetry and agentic risk

Overview

This is a real Opik tracing plugin, but it can export full conversation/tool data and upload referenced local media files with insufficient user-facing controls or warnings.

Install only if you are comfortable sending OpenClaw prompts, responses, tool inputs/outputs, errors, identifiers, and possible referenced media files to your configured Opik backend. Avoid using it on sensitive or regulated conversations unless you have reviewed Opik retention/access controls and can contain what data appears in prompts, tool results, and local media links.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/types.js:31
Evidence
apiKey: [REDACTED](cfg.apiKey),

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/types.ts:53
Evidence
apiKey: [REDACTED](cfg.apiKey),