Openclaw Security
Pass. Audited by ClawScan on Mar 30, 2026.
Overview
The skill's code, instructions, and requirements are consistent with a local pre-call LLM guard; nothing requested or installed is disproportionate to that purpose.
This plugin appears to do what it claims: local pre-call checks and cost-aware fallback selection. Before installing: (1) Keep `debug` disabled in production — enabling it will print decision objects to stdout and may reveal prompt text (redaction only targets keys like key/token/secret/password). (2) Review any pricing overrides you supply (modelPricingUsdPer1K / modelPricingUsdPerToken) to ensure projections match your billing expectations. (3) Confirm that console logs are acceptable in your runtime (they remain local but could be captured by system logs). If you need network-blocking guarantees or stronger redaction, audit and harden logEvent and any hosting environment logging configuration.
