@taco-trade/web-copilot
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The plugin's code, manifest, and runtime instructions are coherent with its stated purpose: bridging OpenClaw to a Taco web copilot backend using a channel config containing an apiToken and userId.
This plugin appears to do what it says: poll a Taco backend and forward messages to and from OpenClaw. Before installing, ensure you trust the plugin owner and the backend URL you configure (default is https://api.dev.taco.trading). Provide a dedicated apiToken with minimal scope and avoid reusing high-privilege credentials. Be aware that the plugin logs portions of inbound and outbound messages to the host logs (truncated to 300 characters), so sensitive user content may appear in system logs; route those logs and control access to them carefully. Finally, confirm you want an 'open' DM policy (no pairing) as indicated in the plugin metadata.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings were reported for this release.
Risk analysis
No visible risk-analysis findings were reported for this release.
