VT Sentinel

VT Sentinel's code, runtime instructions, and requested access are coherent with a file-scanning/malware-protection plugin — it watches files, contacts VirusTotal/VTAI, and stores a local agent token; nothing requested is out-of-scope for that purpose.

This plugin appears to implement what it claims, but it performs actions that can expose data: it watches user directories (Downloads, /tmp, workspace), classifies files, and (depending on configured policy or user consent) uploads file contents to VirusTotal or VTAI. Before installing: (1) Review and choose a privacy preset (e.g., privacy_first) or disable autoScan; (2) confirm where the plugin will store state/credentials (SKILL.md shows <stateDir>/vt-sentinel-agent.json and audit logs) and that those files have correct permissions; (3) run vt_sentinel_status and openclaw security audit --deep after install to verify runtime watch lists and data flows; (4) understand that the plugin will persist a token on disk (owner-only mode 0o600) and that uploaded files may contain sensitive data — use hash_only or ask policies for sensitive categories if you want to avoid content uploads. If you need more assurance, inspect vt-api and vt-credentials modules and the auto-registration flow to verify exactly what is sent during VTAI registration.