Plugin v2026.4.11

ClawScan security

QuantClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 22, 2026, 8:46 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
QuantClaw's code, runtime instructions, and configuration are coherent with its stated purpose (a task-type quantization router); no evidence of hidden exfiltration or unrelated privileges was found.
Guidance
This plugin appears coherent with its stated purpose. Before installing: (1) review and, if needed, harden ~/.openclaw/quantclaw.json because it may contain API keys you provide; (2) only configure judge endpoints you trust—the router will send request text to whatever judge endpoint you point it at (local or remote); (3) if you plan to run the Python embedding server, be prepared to install torch/sentence_transformers and accept model downloads from Hugging Face; and (4) inspect the provider registration (src/provider.ts) if you want to verify exactly how apiKey placeholders are resolved. If any of these raise concerns, test in an isolated environment first.

Review Dimensions

Purpose & Capability
ok: The plugin's name/description (routing requests across 4/8/16-bit targets) matches the code and config. The files implement detectors, router pipeline, synthetic providers, a dashboard, and an optional local embedding router—everything is appropriate for a quantization router.
Instruction Scope
note: SKILL.md instructs installing the plugin, creating ~/.openclaw/quantclaw.json, and optionally building/serving a local embedding router. It also explains configuring external judge endpoints (OpenAI-compatible) and API keys. This is within scope, but note that routing decisions may send user request text to whatever judge endpoint you configure (local or remote), so judge endpoints must be trusted.
Install Mechanism
note: No separate install spec in the registry; plugin is packaged with code and a package.json. Python helper scripts require sentence_transformers and torch (not declared in package.json) and will download model artifacts (e.g., from Hugging Face) if you build/run them. That network activity is expected for the embedding router but is an operational consideration (dependencies + downloads).
Credentials
ok: The skill declares no required environment variables or credentials. Config supports per-target apiKey placeholders (e.g., ${QC_4BIT_API_KEY}) and judge.apiKey, which are reasonable for a router that forwards requests to external providers. There are no unexplained credentials requested by the plugin itself.
Persistence & Privilege
ok: The plugin writes/reads its own config and stats under ~/.openclaw and registers an HTTP dashboard route within OpenClaw. always:false and no modification of other plugins or system-wide settings detected. Autonomous invocation is allowed (platform default) but not excessive here.