Skill v0.11.6
ClawScan security
AIN - AI Node Plugin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 29, 2026, 9:37 PM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The plugin's code, instructions, and dependencies are internally consistent with its stated purpose (bridging AIN into OpenClaw), but there are a few provenance/integrity notes you should verify before installing.
- Guidance: This plugin appears to do what it says: bridge AIN into OpenClaw and route/execute prompts via configured providers. Before installing:
  1) Verify the package source and version (the bundle's package.json shows v0.2.2 while registry metadata shows v0.11.6).
  2) Inspect your ~/.ain/config.yaml: it may contain API keys, and the plugin will read and use them to call provider endpoints.
  3) Confirm you trust @felipematos/ain-cli (check its npm page and repository) because the plugin delegates network calls and routing to that package.
  4) If unsure, test in an isolated environment or review the published npm package tarball to ensure it matches the source you reviewed.
Review Dimensions
- Purpose & Capability (ok): Name/description (AIN provider bridging, routing, tools) aligns with the declared dependency @felipematos/ain-cli and the code: providers, tools, and a routing hook are registered and call ain-cli APIs. There are no unrelated credentials or binaries requested. One minor inconsistency: registry metadata lists version 0.11.6 while package.json inside the bundle is 0.2.2; it is worth verifying upstream packaging/versions.
- Instruction Scope (ok): SKILL.md and the source are scoped to: load AIN config, expose AIN providers as ain:<name>, register two tools (ain_run, ain_classify), and register a before_model_resolve hook that calls AIN routing. The plugin reads the AIN configuration (expected path ~/.ain/config.yaml via ain-cli). It does not instruct reading unrelated system files or sending data to unknown external endpoints beyond configured providers.
- Install Mechanism (ok): No install spec in the registry (instruction-only), and package.json declares a normal npm dependency on @felipematos/ain-cli. There are no downloads from personal servers or extract-from-URL steps in the registry metadata. Verify the package comes from a trusted npm registry and that the included package-lock/package contents match the registry package.
- Credentials (note): The skill itself doesn't request env vars, but it loads the user's AIN config (default ~/.ain/config.yaml). That config typically contains provider endpoints and API keys (OpenAI keys, local endpoints, etc.). Reading and using those credentials is required for the plugin to function, but it means the plugin will have access to any secrets stored in your AIN config, so ensure those configs only contain credentials you intend to expose to the plugin.
- Persistence & Privilege (ok): "always" is false and the plugin only registers providers/tools/hooks during registration. It does not claim permanent system-wide changes or modify other plugins. It can be invoked autonomously by agents (normal default); that increases operational blast radius but is expected for integration plugins.
