Back to plugin

Security audit

openclaw-syncralis

Security checks across malware telemetry and agentic risk

Overview

This package is a disclosed MCP gateway for workspace file sharing, URL downloads, and web search, with no artifact-backed malicious behavior found.

Install only if you want an MCP tool that can read files in its configured workspace, save new files there, call external search APIs, and generate public Ngrok download links. Treat generated links as public to anyone who has the URL, use a strong URL_SIGNING_SECRET, keep WORKSPACE_DIR narrow, and avoid placing sensitive files in the shared workspace unless you intend the agent to access them.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
README.md:345
Evidence
rm -rf ~/.openclaw/extensions/openclaw-syncralis