Plugin v1.3.14

ClawScan security

ClawWatch · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 26, 2026, 12:25 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The plugin's code, runtime instructions, and manifest are consistent with a telemetry agent that reports node metrics to a hardcoded ClawWatch Worker; nothing obvious is requesting unrelated credentials or performing unexpected installs, but there are a few operational/privacy details you should review before installing.
Guidance
This package appears to be a straightforward telemetry agent, but before installing:
1) Confirm you trust the default Worker endpoint (https://cw.osglab.win), or run your own Worker and pass --base so telemetry is not sent to the default server.
2) Be aware the agent inherits the Gateway process environment: if your Gateway has secrets (cloud keys, tokens) set as env vars, the agent process will see them. Consider running the plugin/agent in a restricted environment.
3) The agent will store node_secret in ~/.clawwatch/agent.json; inspect that file and enforce file permissions.
4) Review whether `openclaw status --json` (if present on your node) contains any sensitive fields you don't want reported; the agent may parse and include status-derived fields.
5) If you need higher assurance, review the full agent source (src/agent.mjs) locally and/or self-host the Worker, then run the agent in an isolated node (or sandbox) first.

Review Dimensions

Purpose & Capability
ok
Name/description claim a telemetry agent + CLI. Source files implement a CLI (setup/bind/run) and an OpenClaw plugin that spawns the CLI as a background service. Hardcoded default Worker base (https://cw.osglab.win) and use of HMAC-signed report endpoints match the stated purpose.
Instruction Scope
note
SKILL.md and README describe only telemetry-related actions (collect system metrics, optionally parse `openclaw status --json`, then POST signed reports). The agent execs a small set of fixed shell commands (df, nvidia-smi, system_profiler, openclaw) to collect metrics. Note: parsing `openclaw status --json` or other CLI outputs may surface configuration/metadata from your Gateway/node; confirm whether that includes any tokens or sensitive fields you don't want sent.
Install Mechanism
ok
No network download/install steps in the skill spec; code is bundled in the package. Build/dev tooling is standard (tsup/typescript) and there is no arbitrary remote extract/download. The package does require Node >=22 at runtime (mentioned in README/package.json) even though the registry metadata 'Required binaries' shows none, a minor metadata mismatch.
Credentials
note
The skill does not declare needing API keys or external credentials. The plugin spawns the agent with env = {...process.env}, so the agent inherits the Gateway process environment. The agent writes node secrets to a local state file (~/.clawwatch/agent.json) and uses that secret to HMAC-sign reports; this is expected, but be aware the child process has access to any env variables available to the Gateway. The agent will also include a custom payload via CLAWWATCH_PAYLOAD_JSON if that variable is set. Verify your Gateway does not expose other sensitive env vars that you don't want available to the agent.
Persistence & Privilege
ok
Skill is not always:true and does not modify other skills. It registers a Gateway service that spawns a child process (the agent), consistent with its role as a background telemetry agent. The agent persists node credentials in a local state file (expected for this use case).