Security audit
Humanclaw
Security checks across malware telemetry and agentic risk
Overview
HumanClaw is internally consistent with its stated purpose (a manual, copy/paste 'human-in-the-loop' provider) and does not request unexpected credentials or privileged install behavior, but installing it will add plugin code and pull normal npm dependencies and the workflow intentionally sends prompts to third-party chatbots (which can expose sensitive content).
HumanClaw implements an explicit manual workflow: prompts produced by OpenClaw are shown in your gateway terminal and you must copy them into a third-party chatbot and paste the response back. That means any sensitive data in prompts (API keys, PII, secrets, private documents, source code) will be shared with whatever chatbot you paste into. Before installing: 1) Review the plugin source (src/index.ts, src/console-channel.ts) if you can — the package includes executable code and will pull npm dependencies. 2) Avoid using HumanClaw for prompts containing secrets or private data; prefer local models or masked prompts if necessary. 3) Expect npm dependencies to be installed (transitive packages shown in pnpm-lock.yaml); run installs in a controlled environment if you are cautious. 4) If you want zero-network assurance, do not paste prompts into cloud chatbots; instead run a local model and paste to that. Overall the skill appears to do what it claims (benign), but be mindful of deliberate user-driven data sharing to third-party services.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
