ClawHub

G.workspace

v3.1.0

G.workspace — 群共享文件空间插件。通过 OpenClaw 插件注册 Discord 斜杠命令(/ws_create, /ws_files 等),代理到 G.workspace REST API。单 bot 架构,无冲突。包含插件源码,安装后需手动部署到 extensions 目录。

0· 46·0 current·0 all-time
by@luojingwei123
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Discord slash commands that proxy to a G.workspace REST API) match the included plugin code which registers commands and issues HTTP requests to a localhost REST endpoint. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs cloning and running a gworkspace backend and copying the plugin into OpenClaw extensions — consistent with the plugin. Small mismatch: openclaw.plugin.json exposes a configurable port, but the plugin code uses a hardcoded GW_BASE = 'http://localhost:3080' and does not read the provided config; this may cause confusion if you change the port in OpenClaw config. SKILL.md also warns to leave DISCORD_TOKEN empty; verify the backend's behavior before running with real tokens.
Install Mechanism
No automated install spec; the SKILL.md requires manual cloning of a GitHub repo and copying the plugin directory into extensions. That is low-risk compared to arbitrary downloads. The external repo (https://github.com/gworkspace/gworkspace.git) is referenced — you should inspect that repository before running.
Credentials
The skill declares no required environment variables or credentials. The code only contacts http://localhost:3080 (the local G.workspace backend). There are no surprising SECRET/TOKEN env requirements in the package itself. Ensure you do not populate backend DISCORD_* tokens unless you intend the backend to interact with Discord.
Persistence & Privilege
always is false and default autonomous invocation is allowed (expected for plugins). The package does not request to modify other plugins or system-wide settings; installation is manual and limited to adding an extension directory and enabling it in openclaw.json.
Assessment
This package appears coherent for its stated purpose, but take these precautions before installing: - Review the full plugin source (plugin/index.ts) and the upstream gworkspace backend code you will clone from GitHub to ensure no hidden exfiltration or unexpected network calls. - Confirm the backend is bound to localhost only and does not have public network exposure; the plugin will send requests to localhost:3080 by default. - Note the plugin hardcodes GW_BASE to http://localhost:3080 and may ignore the configured port in openclaw.json — if you change the port, verify the plugin still reaches the backend. - Do not populate DISCORD_TOKEN / DISCORD_BOT_TOKEN in the backend's .env unless you trust the backend and intend it to connect to Discord. - Because the repository/source is listed as 'unknown', inspect the cloned repository and audit its node scripts (npm install outcomes) before running node src/index.js. If you are not comfortable auditing the backend, run it in an isolated environment (container/VM) and limit network access.

Like a lobster shell, security has layers — review code before you run it.

collaborationvk971js05kebpsnynzjhjs52ymh84scdzdiscordvk971js05kebpsnynzjhjs52ymh84scdzlatestvk97bv49y6eyvp062xj2h2h686d84rfk5workspacevk971js05kebpsnynzjhjs52ymh84scdz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments