Security audit
VK Bots Channel Plugin
Security checks across malware telemetry and agentic risk
Overview
The plugin’s code, docs, and runtime instructions are consistent with a VK Long Poll channel plugin and its requested items are proportional to that purpose.
This plugin appears to do what it says: it connects OpenClaw to VK using a VK group token. Before installing, make sure you: (1) provide a VK group token scoped only for the bot's needs and store it in the suggested secrets path (~/.openclaw/workspace/secrets/), (2) review the plugin code if you don't trust the publisher (the package uses VK API endpoints and local secret files only), and (3) confirm the OpenClaw host version compatibility in package.json. If you won't trust a community plugin with a VK token, run it in an isolated environment or review/compile the code locally rather than using a pre-built package.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
