Pinclaw
PassAudited by ClawScan on May 19, 2026.
Overview
No artifact-backed suspicious or malicious behavior was identified, but the workspace artifacts could not be inspected in this run.
Treat this as an incomplete low-confidence review. The supplied VirusTotal telemetry was stale and not enough by itself to support a suspicious or malicious verdict; inspect metadata.json and the artifact directory before installing.
Publisher note
Uses process.env to read user-configured API keys (TTS, image gen). Uses fetch for external AI API calls and relay media upload. Dynamic import of child_process only in CLI login flow to restart OpenClaw gateway. Never called at plugin runtime.