Thunder Openclaw Plugin

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a real Thunder Compute integration, but it needs Review because it lets an agent control paid GPU resources, run remote commands, delete instances, and store OAuth tokens locally.

Install this only if you want OpenClaw to manage your Thunder Compute account. Before using it, verify the endpoint, authenticate only on a trusted machine, require the agent to confirm instance type, price, command, and deletion targets, monitor billing, and clear/revoke OAuth access when finished.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

No VirusTotal findings


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or overly broad agent instruction could incur cloud charges, run unintended commands on a GPU instance, or delete resources.

Why it was flagged

These are high-impact Thunder Compute account operations that can spend money, alter cloud resources, and run commands. The provided artifacts disclose the tools but do not show approval gates, cost limits, or scoping rules for create/delete/run-command actions.

Skill content
create instances, run commands, create snapshots, delete instances, and report cost
Recommendation

Only use the tools with explicit user approval for instance type, expected cost, command, and target instance. Prefer adding confirmation prompts, cost caps, and list-before-delete safeguards.

What this means

Commands run through the agent may affect the remote instance and any data or secrets present there.

Why it was flagged

The skill intentionally exposes a command-running tool for Thunder Compute instances. This is expected for the stated compute-management purpose, but it is still a code-execution capability.

Skill content
`tc_run_command` ... run `nvidia-smi`
Recommendation

Review commands before running them, avoid sending unnecessary secrets to instances, and use disposable or scoped instances when testing.

What this means

Anyone who can read the local auth file may be able to use the Thunder Compute account until the token is revoked or cleared.

Why it was flagged

The plugin persists a ThunderCredential locally, and the visible token conversion code includes OAuth access and refresh tokens. This is purpose-aligned for staying authenticated, but it is sensitive account access.

Skill content
function getCredentialPath(): string {
  return path.join(getPluginStateDir(), "auth.json");
}
...
async function persistCredential(cred: ThunderCredential): Promise<void> {
  await writeJsonFile(getCredentialPath(), cred);
}
Recommendation

Install only on trusted machines, protect the .openclaw plugin directory, use tc_auth_clear when finished, and revoke the app/session if the machine is shared or compromised.

What this means

Installing the plugin gives its local code access to the OpenClaw plugin runtime and the configured Thunder Compute tools.

Why it was flagged

The install path requires manually installing a Node/OpenClaw plugin and enabling it. This is disclosed and consistent with the plugin purpose, but it means local code will run inside the OpenClaw plugin environment.

Skill content
npm install
openclaw plugins install .
openclaw config set plugins.entries.thunder-compute.enabled true
Recommendation

Install only from the trusted Thunder Compute source, review package files before npm install, and avoid enabling the plugin in sessions that do not need cloud-compute access.

What this means

Thunder Compute receives the cloud-management requests and command content needed to operate the service.

Why it was flagged

The plugin is a bridge to an external Thunder Compute MCP endpoint. This endpoint is disclosed and purpose-aligned, but tool requests, account operations, and commands are sent outside the local agent.

Skill content
openclaw config set plugins.entries.thunder-compute.config.endpoint "https://api.thundercompute.com:8443/mcp"
Recommendation

Verify the endpoint before authenticating, do not point the plugin at untrusted MCP servers, and avoid sending sensitive command content unless necessary.