openclaw-eho
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to do what it says—query Korean apartment transaction data—but it sends query details to an external real-estate service and has limited source/provenance metadata.
This looks safe for its stated purpose if you are comfortable installing the npm/OpenClaw plugin and sending property-search queries to the Everyhouse real-estate service. Do not include unnecessary personal information in queries, and verify the package publisher before enabling it.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You have less context to confirm who maintains the package or compare it with an upstream source before installing.
The plugin is meant to be installed as an OpenClaw/npm package, but the registry metadata does not provide a source repository or homepage for independent provenance review. This is a verification note, not evidence of hidden behavior.
Source: unknown Homepage: none
Install only if you trust the publisher/package, and verify the npm package name and contents before enabling it.
The external service can see the real-estate locations and periods you ask about, and the plugin logs the request URL locally.
The tool sends the user's region, apartment, transaction type, and date-range query parameters to an external real-estate API. This is disclosed and aligned with the skill's purpose, but it is still an external data flow.
const url = `https://www.everyhouse-real-payment.com/api/insight/openclaw?${query.toString()}`;
...
const res = await fetch(url);Avoid entering personal or confidential details in property queries, and review the provider's privacy practices if the query itself is sensitive.