Plugin v0.2.0

ClawScan security

LINE WORKS · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 21, 2026, 1:25 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The plugin's code, instructions, and required secrets are coherent with a LINE WORKS channel integration; no signs of unrelated or hidden exfiltration behavior were found, though the registry metadata slightly understates the credential needs.
Guidance
This plugin appears to be an honest LINE WORKS channel integration. Before installing: (1) Review the plugin source (or the npm package) and verify the package provenance (GitHub repo and npm publisher). (2) Provide secrets only via the recommended privateKeyFile with strict file permissions (chmod 600) and avoid pasting private keys into plain env vars when possible. (3) Confirm the callback URL and openclaw gateway are correct and reachable. (4) Note the plugin will perform network calls to auth.worksmobile.com and www.worksapis.com and will write temporary downloaded attachments to disk; run it in a controlled environment if you need to audit behavior first. (5) Expect some automated installers/scanners to flag the combination of process.env reads and outbound fetch calls — this is expected for a channel plugin but worth reviewing manually. If you want stronger assurance, inspect the full published npm tarball and the repository commit history before use.

Review Dimensions

Purpose & Capability
ok · Name/description (LINE WORKS channel plugin) match the code and docs: the code implements webhook handling, auth (JWT/assertion), attachment download/upload, and message send/receive. The required credentials (clientId, clientSecret, serviceAccount/private key, botId, botSecret) are exactly what a LINE WORKS bot integration needs. Minor inconsistency: the registry summary reported "Required env vars: none" while the plugin manifest and README enumerate environment/config keys for secrets; this is likely a metadata omission rather than malicious.
Instruction Scope
ok · SKILL.md instructs only the expected actions: installing the plugin, placing a PKCS#8 PEM on disk with restricted permissions, adding channel config to openclaw.json, and registering the webhook URL in the LINE WORKS console. Runtime instructions and code reference only the plugin's config, the PEM file, and network calls to LINE WORKS endpoints. There are no instructions to read unrelated system files or to exfiltrate arbitrary data.
Install Mechanism
ok · There is no install spec embedded in the SKILL.md delivered to the registry (instruction-only), but the package is a normal npm-distributable plugin (package.json, openclaw metadata) and the README recommends installing via 'openclaw plugins install @unayung/lineworks' (which uses ClawHub then npm). Dependencies are minimal and from well-known sources (jose). No remote arbitrary binary downloads or odd extract/install steps were found in the provided files.
Credentials
note · The plugin legitimately requires secrets (clientId/clientSecret, PKCS#8 private key or file, botId/botSecret) for OAuth/JWT authentication — these are proportional to the stated purpose. The README explicitly prefers storing the private key on disk rather than inline env vars. Note: the registry metadata at top-level omitted listing required env vars, but the plugin manifest (openclaw.plugin.json) and docs do enumerate them. Also be aware that some automated installers/scanners flag codebases that both read process.env and perform network fetches — this plugin does both for valid reasons (auth + API calls).
Persistence & Privilege
ok · The skill does not request always:true and does not attempt to modify other skills or system-wide agent settings. It runs as a normal OpenClaw channel plugin and exercises no unexpected persistence or elevated privilege beyond storing its own configuration and reading a private key file the user is asked to provide.