Plugin v1.3.14
ClawScan security
ClawWatch · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 26, 2026, 12:23 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This package is internally consistent: it implements a telemetry agent (CLI + optional Gateway service) that collects system metrics, stores a node credential state file, and posts signed telemetry to the hardcoded ClawWatch Worker endpoint; nothing requested or installed is out of scope for that purpose.
- Guidance
- This package appears to do what it says: run a telemetry agent that collects host metrics and posts signed payloads to https://cw.osglab.win (or a configured Worker). Before installing, consider:
  1) The agent writes node credentials to ~/.clawwatch/agent.json (or a path you configure); protect that file and do not commit it to source control.
  2) Because the Gateway spawns the agent with the parent environment copied, avoid putting unrelated secrets in the Gateway process environment, or configure CLAWWATCH_STATE/CLAWWATCH_BASE_URL explicitly.
  3) Review the code if you need to self-host: the Worker URL is hardcoded by default, but the CLI and plugin allow an override.
  4) The agent runs shell commands (df, nvidia-smi, system_profiler, openclaw) to collect metrics; this is expected, but ensure those commands are allowed in your environment.
  If you are concerned about sending telemetry to the public host, run the agent against a self-hosted ClawWatchWorker instead.
Review Dimensions
- Purpose & Capability
- ok: The name/description (ClawWatch telemetry agent) match the code and README: the plugin entry spawns the provided agent script, and the agent collects system metrics and posts them to a Worker URL. Required capabilities (reading local state, running CLI commands to get host metrics, network calls to the Worker) are all expected for a telemetry agent.
- Instruction Scope
- ok: SKILL.md covers the agent lifecycle (setup / bind / run) and OpenClaw integration. The runtime instructions and code only reference the state file (~/.clawwatch/agent.json or CLAWWATCH_STATE), the optional CLAWWATCH_PAYLOAD_JSON, system commands (df, nvidia-smi, system_profiler, openclaw), and the configured Worker endpoints, all of which are relevant to collecting and reporting telemetry. There are no instructions to read unrelated secrets or to exfiltrate arbitrary files.
- Install Mechanism
- ok: No remote download/install spec; the package is distributed as an npm package containing source and a compiled dist file. package.json and package-lock.json are normal; dev dependencies are standard build tools. Nothing is fetched from a suspicious or untrusted URL at install time.
- Credentials
- note: The skill asks for no external credentials and stores its own node_secret in a local state file (expected). One point to note: when the plugin spawns the agent it copies the parent process.env into the child's env, so the agent process will inherit any environment variables present in the Gateway process. The agent itself does not enumerate or send arbitrary environment variables in its payload (it uses CLAWWATCH_PAYLOAD_JSON for optional custom fields), but administrators should be aware that the child process inherits the environment and protect any sensitive env vars accordingly.
- Persistence & Privilege
- ok: The always flag is false and autonomous invocation is permitted (normal). The plugin registers a service that starts/stops a single child process and writes its own state file; it does not modify other skills or global agent configuration beyond spawning its own agent. File writes are limited to its own state path.
