Security audit
OpenClaw Middleware Suite
Security checks across malware telemetry and agentic risk
Overview
The suite’s purpose is coherent, but it is a high-privilege auto-start plugin whose executable code is not present in the reviewed artifacts and whose “nothing leaves your machine” claim is too broad for its documented routing and notification features.
Before installing, inspect the actual npm package or source build that provides the dist entrypoints, then review the dashboard/CLI settings for model routing, PII sanitization, approval notifications, and startup activation. Do not rely on the “nothing leaves your machine” wording without confirming the provider and notification configuration.
VirusTotal
61/61 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
