Back to plugin

Security audit

SoundAI LLM Provider

Security checks across malware telemetry and agentic risk

Overview

This plugin appears to be what it says: an OpenClaw provider for SoundAI/AzeroGPT; nothing in the code or instructions tries to access unrelated credentials or system files — the only noteworthy issue is a small metadata mismatch about the API key requirement and a normal build-from-source dependency download.

This plugin is broadly coherent with its stated purpose. Before installing: (1) prefer installing from the OpenClaw/ClawHub registry rather than building from a local source; (2) verify you trust the SoundAI domain (https://openapi-gateway-azero.soundai.com) where the provider points; (3) be aware the plugin requires a SoundAI API key (SOUNDAI_API_KEY) even though the registry metadata omitted that — supply the key via OpenClaw's onboarding/token store rather than exporting it globally; (4) if you build from source, note that 'npm install' will download dependencies from npm — review package-lock.json if you need to audit fetched packages; and (5) if you see unexpected network traffic after installation, disable the plugin and investigate logs.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.