Back to plugin

Security audit

OpenClaw Safe Agent CLI MCP

Security checks across malware telemetry and agentic risk

Overview

The skill is documented as a safety-focused local CLI wrapper, but the bundle registers MCP servers whose implementation files are not included, so its promised safeguards are not evidence-backed.

Treat this as a Review item, not proven malware. The concept is coherent and safety-oriented, but the supplied bundle lacks the actual server code it registers. Before installing, verify that the complete packages/ implementation is present, buildable, and reviewed; then configure narrow allowedRoots and use dry-run mode before allowing writes.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.