Openclaw Tlon 2026.5.12 Beta.6.Tgz

Pass

Audited by VirusTotal on May 10, 2026.

Findings (1)

Package: @openclaw/tlon (npm)

Version: 2026.5.7

Description: OpenClaw Tlon/Urbit channel plugin

The package implements an OpenClaw channel plugin for Tlon/Urbit communication, handling message monitoring, sending, and media uploads. Security implementations are robust, utilizing the host environment's SDK features.

1. **SSRF Mitigation:** All external network interactions (Urbit API calls, media downloads, S3 uploads) are performed using `fetchWithSsrFGuard`. Access to private networks requires the explicit `dangerouslyAllowPrivateNetwork` configuration flag, and the setup wizard proactively warns users about this risk.
2. **Access Control:** The plugin features a mandatory approval system (`createTlonApprovalRuntime`) for DMs and channel mentions from unknown ships unless explicitly allowlisted, preventing unauthorized use of the agent/bot capabilities. It also allows the configured owner to manage these approvals and block ships using native Urbit mechanisms.
3. **Functionality:** Core logic involves connecting to an Urbit ship using provided credentials (`ship`, `url`, `code`), maintaining a continuous SSE connection (`UrbitSSEClient`) for message monitoring, translating Markdown to Urbit's Story format, and facilitating media uploads via either Tlon's Memex service or custom S3 configurations.

The code is complex but entirely focused on its stated purpose, incorporating appropriate security safeguards against common vulnerabilities like SSRF.