Back to plugin

Security audit

OpenClaw Auth Wiper

Security checks across malware telemetry and agentic risk

Overview

The skill's code, instructions, and requested access are consistent with a local OpenClaw model-auth reset utility and do not request unrelated credentials or network access.

This appears to be a legitimate, narrowly scoped utility. Before running: 1) Always run the dry-run first (npx openclaw-auth-wiper --dry-run) and inspect the report. 2) Verify the backup folder (~/.openclaw/.auth-wiper-backups/<timestamp>) contains expected backups before applying. 3) Prefer running npx (or inspect the dist/ source) rather than blindly installing global packages. 4) Confirm you trust the publisher (Growthcircle.id) and your OpenClaw version compatibility. 5) Be cautious using --all-agents or --apply --yes on multi-user systems—this will affect every agent under the OpenClaw home. If you want extra assurance, review the dist/wiper.js transform functions in this repo locally to confirm the exact JSON fields that will be removed.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.