Back to plugin

Security audit

Policy Layer (CBS) + Security Layers

Security checks across malware telemetry and agentic risk

Overview

This is a real security-policy plugin, but its own safety controls and data-handling behavior have enough concrete gaps that users should review it before installing.

Install only after reviewing the risk-score logic and logging behavior. Treat it as a high-privilege security plugin: it can inspect prompts, tool calls, and outputs; write persistent security logs; alter OpenClaw config; and optionally learn command allowlists. Avoid opening bundled analytics HTML with sensitive logs unless CDN dependencies are removed or trusted, and do not run deploy.sh without accepting the gateway restart and pairing-state changes.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal, suspicious.nonstandard_network

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
tests/unit/security.test.ts:202
Evidence
const { redacted } = redactSecrets('Authorization: Bearer [REDACTED]');

WebSocket connection to non-standard port detected.

Warn
Code
suspicious.nonstandard_network
Location
tests/integration/hook-simulation.test.ts:187
Evidence
const ws = new WebSocket('ws://127.0.0.1:18789/acp', {