Security audit
ClawFirewall
Security checks across malware telemetry and agentic risk
Overview
ClawFirewall's code, docs, and runtime behavior match its stated purpose as a local pre-call cost-and-token guard; it requests no external credentials or installs and contains no evidence of exfiltration.
This plugin appears to be what it claims: a local pre-call cost and token guard. Before installing: (1) keep debug disabled in production to avoid extra logging; (2) review any runtime code you integrate into your agent to confirm you only pass non-sensitive objects to the guard (the plugin redacts keys by name but will log whatever event object you give it when debug is on); (3) if you override model pricing ensure the overrides are correct for your billing; and (4) verify you are comfortable with a small npm dependency (zod). If you need stricter auditing, run the included tests and examine runtime logs locally with debug:true in a safe environment.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
