Openclaw Plugin
Pass
Audited by ClawScan on May 1, 2026.
Overview
This appears to be a coherent security-scanning plugin, but users should understand that it can inspect and block agent messages, store quarantine metadata, use LLM classification, and rely on an external hopeid package.
This skill is appropriate to consider if you want an IDS-style OpenClaw security plugin. Before installing, review the hopeid dependency and setup command, decide whether auto-scan or strict blocking should be enabled, configure only trusted LLM and Telegram providers, and periodically review or clean quarantine records.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Legitimate messages may be blocked or annotated with security warnings when auto-scan or strict mode is enabled.
The plugin can alter or stop message flow before an agent acts. This is core IDS behavior, but it can affect availability or task completion if thresholds produce false positives.
Auto-scan — Scan messages before agent processing ... BLOCK (strictMode): ... → ABORT (no recall, no agent) ... WARN (non-strict): → Inject <security-alert>
Enable auto-scan and strict mode intentionally, test thresholds with expected traffic, and keep human review available for false positives.
Sensitive content in scanned messages may be sent to the configured model/provider or classifier route.
When the llm-task classifier path is used, message text is passed to another plugin/model route for classification.
const result = await api.invokeTool('llm-task', { ... input: { message: message.substring(0, 2000), source: context.source ?? 'unknown'
Use trusted LLM providers or endpoints, and disable semantic or llm-task classification if message contents should not leave the local/plugin boundary.
Quarantine metadata and review decisions can persist across sessions and may influence later security handling.
The fallback quarantine manager persists detection records locally, including metadata such as sender, risk, patterns, content hash, and status.
const recordsFile = path.join(baseDir, 'records.json'); ... fs.writeFileSync(recordsFile, JSON.stringify(records, null, 2));
Set an appropriate quarantine directory and retention process, review trust/approval decisions carefully, and avoid sharing the quarantine directory unnecessarily.
Installing or updating the dependency may introduce behavior not visible in these plugin artifacts.
The plugin relies on an external hopeid package through a semver range, so future dependency updates could change core IDS behavior.
"dependencies": { "hopeid": "^0.1.0" }
Review the hopeid package provenance, consider pinning an exact dependency version, and avoid running setup commands from sources you do not trust.
Blocked-message metadata may be sent through the configured Telegram bot and chat.
Telegram alerting uses existing OpenClaw Telegram channel credentials when configured.
"telegramAlerts": { "type": "boolean", "default": true, "description": "Send Telegram alerts for blocked messages. Requires Telegram channel configured in OpenClaw (channels.telegram.botToken)" }
Confirm the bot token and chat ID are trusted, restrict who can access the alert channel, and disable Telegram alerts if they are not needed.
