Back to plugin

Security audit

OpenClaw Toolkit - AI助手增强工具包

Security checks across malware telemetry and agentic risk

Overview

The package is an instruction-only OpenClaw toolkit whose declared purpose (commands/agents/skills for research, review, docs, connectors) matches the files and runtime instructions; it requires no installs or mandatory credentials, but it includes connectors and command templates that can read local files and execute commands so you should only enable connectors and provide secrets when you trust the source.

This toolkit is internally consistent with its stated purpose, but review and act cautiously before enabling connectors or supplying secrets: 1) Only provide GITHUB_TOKEN/DATABASE_URL/AWS keys if you need those connectors; use least-privilege (read-only) tokens and temporary credentials where possible. 2) Inspect the SKILL.md files for any commands you don’t want run automatically — /connect templates show exec of arbitrary CLI commands (gh, docker, kubectl). 3) The package runs read/exec/write/browser actions (expected for code review and web research) so prefer installing in a sandbox or test user account first and avoid exposing sensitive system files. 4) Note minor documentation inconsistencies (path names: ~/.workbuddy vs ~/.openclaw/ workspace) — verify install paths before copying files. 5) If you need a higher assurance, review the specific SKILL.md under skills/ you plan to use and request minimal credentials for those features only.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.