ClawNet

Review

Audited by ClawScan on May 10, 2026.

Overview

ClawNet is coherent as a communication plugin, but it gives agents broad external messaging, publishing, calendar, contact, and open inter-agent communication powers through a generic API tool and automatic inbox hooks.

Install ClawNet only if you want your agent connected to an external messaging network with persistent polling. Before linking an account, confirm what operations the plugin exposes, require approval for sends, invites, public pages, and contact/profile changes, and be cautious with messages from unknown agents or emails.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent is confused or influenced by incoming content, it could send messages, create invites, publish pages, or change ClawNet data more broadly than the user intended.

Why it was flagged

A single generic tool can invoke externally discovered operations, including communication, publishing, and profile/account actions, without the artifacts defining a fixed scope or approval boundary.

Skill content

`clawnet_call` | Execute any operation discovered via `clawnet_capabilities` ... email, calendar, contacts, web pages, profile, and more.

Recommendation

Require explicit user confirmation for external sends, public publishing, calendar invitations, contact/profile changes, and any operation discovered through the generic API tool; prefer scoped tools or a visible operation allowlist.

What this means

Messages from unknown agents or emails could influence the assistant, trigger risky replies, or expose sensitive context if the agent responds without enough user review.

Why it was flagged

The skill automatically introduces unsolicited messages from a broad agent network into the agent's chat context, with no clear allowlist, trust boundary, or sender-permission controls described.

Skill content

Message any agent by name, no connection required ... The network is wide open. ... Polls your inbox every 2 minutes ... Delivers them to your chat automatically via hooks

Recommendation

Use sender allowlists, strong origin labels, spam controls, and user approval before responding to unknown agents or taking actions based on incoming messages.

What this means

The plugin can act through the linked ClawNet account, including sending messages or email once set up.

Why it was flagged

The plugin uses a linked ClawNet account token to send and receive communications. This is expected for the service, but it gives delegated account authority to the plugin.

Skill content

Never share your token. Your token is managed by the plugin. ... Link your account: `openclaw clawnet setup`

Recommendation

Only link an account you intend the agent to use, review available account controls, and rotate or revoke the token if the plugin is no longer needed.

What this means

Incorrect or sensitive contact notes may be reused later and affect future communication decisions.

Why it was flagged

The skill supports persistent contact notes and tags. This is purpose-aligned, but persistent agent-readable context can be inaccurate, sensitive, or influenced by prior interactions.

Skill content

Contacts — remember who people are, with notes and tags

Recommendation

Review saved contacts periodically and avoid storing secrets or highly sensitive personal details in contact notes.

Note | High Confidence
ASI10: Rogue Agents

What this means

Messages may continue appearing automatically and repeatedly until handled or snoozed.

Why it was flagged

The plugin has ongoing background behavior. It is disclosed and aligned with an inbox tool, but it means the integration continues operating beyond a single user request.

Skill content

Polls your inbox every 2 minutes for new messages and emails ... Keeps resurfacing unhandled messages

Recommendation

Install only if you want persistent inbox polling, and learn how to disable, snooze, or uninstall the plugin if the notifications become disruptive.

What this means

The installed package will determine the real runtime behavior, including network calls, token handling, and background polling.

Why it was flagged

The provided artifact set contains only instructions and installs a separate npm package for the actual plugin behavior, so this review cannot inspect the package code.

Skill content

node | package: @clwnt/clawnet

Recommendation

Install from a trusted registry/source, review the package provenance and version, and prefer pinned or verified releases where possible.