Openclaw Security Gate
Pass
Audited by ClawScan on Mar 31, 2026.
Overview
Implementation, requirements, and runtime instructions are consistent with a pre-install security scanner; nothing it requests or installs is disproportionate to that purpose.
This plugin appears to be what it claims: a pre-install security scanner that statically inspects package artifacts and scores their risk. Before installing:

1. Keep autoApplyCacheOptimization disabled initially, so the plugin cannot change host cache or configuration on its own.
2. Expect the scanner to fetch URL, WHOIS, and SSL metadata during scans; confirm that this outbound network access, and any telemetry it implies, is acceptable under your environment's policy.
3. Review the default blocked and allowed domains, trusted brands, and customSensitivePatterns, both to reduce false positives and to avoid accidentally blocking internal packages.
4. Run it in a staging workspace first to validate its behavior (especially the message_sending hooks and any automated blocking) and confirm that it performs only the intended inspections.

For deeper assurance, ask the maintainer to document any telemetry endpoints and the SecureChannel emission behavior, and to state whether the plugin ever sends scan artifacts off-host.
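The pre-install checks above can be scripted rather than eyeballed. The following is an added example written for this page, not code from the plugin or from ClawScan: it loads a configuration file, flags the conditions the audit warns about (auto-apply left on, an internal registry caught by the block list, custom patterns that do not compile), and emits a corrected copy. The setting names follow the audit; the JSON layout and the sample values are assumptions, so adapt the keys to the plugin's real config file.

```python
"""Pre-install review of an Openclaw Security Gate configuration.

Added example, not code from the plugin or from ClawScan. The key names
mirror the settings named in the audit (autoApplyCacheOptimization,
blocked/allowed domains, trusted brands, customSensitivePatterns); the
JSON layout itself is an assumption, so adapt the keys to the real file.
"""
import json
import re

# Constructed sample config carrying the issues the audit warns about:
# auto-apply left on, an internal registry in the block list, and a
# custom pattern that does not compile.
SAMPLE_CONFIG = json.dumps({
    "autoApplyCacheOptimization": True,
    "blockedDomains": ["bad-cdn.example", "registry.internal.example"],
    "allowedDomains": ["registry.npmjs.org"],
    "trustedBrands": ["Acme"],
    "customSensitivePatterns": [r"AKIA[0-9A-Z]{16}", r"(?P<unterminated"],
})

# Constructed: domains your own packages are served from.
INTERNAL_DOMAINS = frozenset({"registry.internal.example"})


def review_config(raw: str, internal_domains=frozenset()) -> list[str]:
    """Return human-readable findings; an empty list means the config passed."""
    cfg = json.loads(raw)
    findings = []

    # The plugin must not rewrite host cache/config during the first runs.
    if cfg.get("autoApplyCacheOptimization", False):
        findings.append("autoApplyCacheOptimization is enabled; disable it for the first runs")

    # A blocked internal domain silently breaks installs of your own packages.
    blocked = set(cfg.get("blockedDomains", []))
    for domain in sorted(blocked & set(internal_domains)):
        findings.append(f"internal domain would be blocked: {domain}")

    # A domain in both lists makes the effective policy ambiguous.
    for domain in sorted(blocked & set(cfg.get("allowedDomains", []))):
        findings.append(f"domain is both blocked and allowed: {domain}")

    # Every custom pattern must compile, or the scanner may fail or skip it.
    for pattern in cfg.get("customSensitivePatterns", []):
        try:
            re.compile(pattern)
        except re.error as exc:
            findings.append(f"customSensitivePatterns entry {pattern!r} is invalid: {exc}")
    return findings


def harden_config(raw: str, internal_domains=frozenset()) -> str:
    """Return a copy of the config with the reviewable defects corrected."""
    cfg = json.loads(raw)
    cfg["autoApplyCacheOptimization"] = False
    cfg["blockedDomains"] = [
        d for d in cfg.get("blockedDomains", []) if d not in internal_domains
    ]
    compiling = []
    for pattern in cfg.get("customSensitivePatterns", []):
        try:
            re.compile(pattern)
            compiling.append(pattern)
        except re.error:
            pass  # dropped; review_config reports it instead of guessing a fix
    cfg["customSensitivePatterns"] = compiling
    return json.dumps(cfg, indent=2)


if __name__ == "__main__":
    for finding in review_config(SAMPLE_CONFIG, INTERNAL_DOMAINS):
        print("FINDING:", finding)
    print(harden_config(SAMPLE_CONFIG, INTERNAL_DOMAINS))
```

Run it against the real config file (replacing SAMPLE_CONFIG with its contents) in the staging workspace before the first scan; a non-empty findings list is the cue to fix the config by hand or to apply the hardened copy, and the hardened copy is deliberately conservative in that it never adds domains or patterns the original did not contain.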
