Back to plugin

Security audit

VK Bots Channel Plugin

Security checks across malware telemetry and agentic risk

Overview

The plugin’s code, docs, and runtime instructions are consistent with a VK Long Poll channel plugin and its requested items are proportional to that purpose.

This plugin appears to do what it says: it connects OpenClaw to VK using a VK group token. Before installing, make sure you: (1) provide a VK group token scoped only for the bot's needs and store it in the suggested secrets path (~/.openclaw/workspace/secrets/), (2) review the plugin code if you don't trust the publisher (the package uses VK API endpoints and local secret files only), and (3) confirm the OpenClaw host version compatibility in package.json. If you won't trust a community plugin with a VK token, run it in an isolated environment or review/compile the code locally rather than using a pre-built package.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.