Security audit
Proactive Engine
Security checks across malware telemetry and agentic risk
Overview
The plugin's code, declared purpose, and runtime behavior are internally consistent: it reads/writes local OpenClaw workspace files to capture signals and manage goals/memory and exposes internal HTTP routes for status/inspection — this matches the described 'proactive engine' role, but it accesses user workspace data and exposes it over plugin HTTP endpoints, so run only in a trusted environment.
This plugin appears to do what it says: it stores and indexes signals and writes/reads files under ~/.openclaw/workspace/.soul and memory. Before installing, consider: (1) these files may contain sensitive conversation/context data — ensure the OpenClaw plugin HTTP interface is only accessible to trusted callers; (2) review the full index.ts (the file shown is truncated) to confirm there are no unexpected network calls or exports of data to external endpoints; (3) back up or audit existing workspace files (goals.json, daily_context.json, narrative.jsonl, signals) if you are concerned about automatic writes; (4) test in a non-production or isolated environment first. If you want, I can scan the remainder of index.ts (full file) to confirm there are no hidden network calls or other risks — provide the full content and I will re-evaluate (this would increase confidence).
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
