Security audit
OpenClaw Safe Agent CLI MCP
Security checks across malware telemetry and agentic risk
Overview
The skill is documented as a safety-focused local CLI wrapper, but the bundle registers MCP servers whose implementation files are not included, so its promised safeguards are not evidence-backed.
Treat this as a Review item, not proven malware. The concept is coherent and safety-oriented, but the supplied bundle lacks the actual server code it registers. Before installing, verify that the complete packages/ implementation is present, buildable, and reviewed; then configure narrow allowedRoots and use dry-run mode before allowing writes.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
