Security audit
ClawMetry Plugin
Security checks across malware telemetry and agentic risk
Overview
ClawMetry appears to be a disclosed observability plugin, but it handles sensitive agent telemetry and can install a persistent local dashboard with optional cloud sync.
This skill is reasonable for local OpenClaw observability, but install it only if you are comfortable with a dashboard that can see agent sessions, memory/log data, and usage costs. Keep the host at 127.0.0.1 unless you need LAN access, avoid cloud sync unless you trust the ClawMetry cloud path, and review the external pip/curl installer before using the persistent service setup.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
