Back to plugin

Security audit

ZenMux

Security checks across malware telemetry and agentic risk

Overview

ZenMux appears to do what it claims: it adds a ZenMux LLM provider and uses only ZenMux-specific credentials and endpoints.

Install this if you intend to route OpenClaw model requests through ZenMux. You should expect your prompts and the ZenMux API key to be used for calls to ZenMux, but this bundle does not show unrelated credential access, unexpected endpoints, or disproportionate installation behavior.

VirusTotal

57/57 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/index.js:69
Evidence
const apiKey = [REDACTED](PROVIDER_ID).apiKey;

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
index.ts:76
Evidence
const apiKey = [REDACTED](PROVIDER_ID).apiKey;