Back to plugin

Security audit

ebb-ai — carbon-aware deferral

Security checks across malware telemetry and agentic risk

Overview

This plugin appears purpose-built for carbon-aware task deferral, but it needs review because it can automatically queue background AI work and later send results to arbitrary webhooks, Telegram, or filesystem paths.

Install only if you are comfortable with a startup-activated scheduler that stores queued prompts/results locally and can run them later through OpenAI, Anthropic, or the OpenClaw runtime. Avoid using webhook or file delivery unless you fully trust the destination/path, and prefer explicit scheduling language plus chat or queue-only delivery for sensitive tasks.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.js:4298
Evidence
const key = apiKey ?? process.env.EBB_ELECTRICITY_MAPS_API_KEY;