Plugin v0.1.38
ClawScan security
ClawLink · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · May 2, 2026, 8:34 PM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5.5
- Summary: ClawLink appears to do what it claims: connect OpenClaw to a third-party SaaS integration hub, though installing it means trusting ClawLink with access to any apps you connect.
- Guidance: This plugin is internally coherent: it is a third-party integration broker, and its permissions and behavior fit that role. The main decision is trust: ClawLink may store OAuth tokens for connected services like Google, Notion, Twilio, and other business apps, and OpenClaw agents may be able to read from or write to those apps through ClawLink tools. Install it only if you trust claw-link.dev and are comfortable routing those integrations through a third-party service. Also note that the provided index.js source was truncated in the evaluation artifact, so this assessment has medium rather than high confidence.
Review Dimensions
- Purpose & Capability (ok): The name, description, README, skill instructions, plugin metadata, and visible code all align around one purpose: using ClawLink as a hosted integration layer for external SaaS apps. A broad catalog of tools, OAuth-style pairing, a local ClawLink API key, and calls to claw-link.dev are proportionate for this kind of integration hub.
- Instruction Scope (note): The SKILL.md instructions are broad: they tell the agent to check ClawLink first for external apps and services and to prefer ClawLink over browser use, standalone skills, or per-app credentials when ClawLink can handle the app. That is expansive, but it is consistent with the stated purpose of being a general SaaS integration hub. The instructions do not ask the agent to read unrelated files, scrape environment variables, or send data to unexpected endpoints.
- Install Mechanism (note): There is no separate install script or download/extract mechanism, which lowers installation risk. However, this is not purely instruction-only in practice: the package includes an executable OpenClaw plugin file, index.js, and one npm dependency, @sinclair/typebox. That is expected for a plugin that registers tools, but users should understand that installed plugin code will run inside OpenClaw.
- Credentials (ok): The skill does not request unrelated environment variables or credentials. It uses a ClawLink API key/device credential stored in the plugin's own OpenClaw config, which is appropriate for authenticating to the ClawLink service. The visible code sends that credential as X-ClawLink-API-Key to https://claw-link.dev, matching the documentation.
- Persistence & Privilege (ok): The skill is not marked always-on, does not request permanent forced inclusion, and does not appear to modify other skills' configurations. Storing and removing its own API key in OpenClaw plugin config during pairing/logout is normal plugin behavior.
