Echo
Security checks across malware telemetry and agentic risk
Overview
The echo tool's code is simple, but the package ships private-key-like secrets, exposes billing and private-key configuration, and carries inconsistent billing identifiers, so it needs review before use.
Only install this after confirming the publisher has removed the .env secrets and aligned the billing manifests. If you proceed, use a dedicated low-balance wallet key for Orbit billing, verify per-use charges and approval prompts, and do not provide a primary wallet private key.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Any real wallet or signing key included in the package should be considered compromised, and its presence raises doubts about how billing credentials are handled.
The published artifact contains private-key-like wallet/signing material rather than only placeholders; such secrets should not be shipped in a plugin package.
PRIVATE_KEY=0x05f9aa...
PLUGIN_KEY=0xa42d...
Do not use or fund any shipped key. The publisher should rotate/remove the exposed secret and republish without a .env file.
Supplying a main wallet private key could give the plugin or billing SDK broad signing authority tied to that wallet.
The plugin exposes configuration for a raw wallet private key. That is high-impact account authority, especially for a tool whose main user-facing function is only echoing text.
"privateKey": { "type": "string", "description": "Wallet private key for Orbit billing (0x + 64 hex chars)" }
If you use this, use a dedicated low-balance wallet/key, verify exactly how Orbit billing signs transactions, and avoid providing a primary wallet private key.
Unexpected or repeated tool calls could incur usage charges.
The echo tool is explicitly billed per use. This is disclosed, but tool invocations can have financial impact.
"pricePerUsageWei": "100000000000000", ... "contracts": { "tools": [ "echo_message" ] }
Confirm the platform asks for approval before billed calls, or set spending/usage limits before enabling the plugin.
Users may not be able to tell which Orbit plugin identity or billing record the installed runtime will use.
The built manifest's Orbit pluginId differs from the root openclaw.plugin.json pluginId shown in the artifacts, making the runtime/source billing identity ambiguous.
"pluginId": "0x665ecf62a3c4a866b0dfde358a1a4765b631497fb5b5af943a877b01f2ba4fba"
The publisher should rebuild and republish with matching root and dist manifests before users rely on the billing identity.
Future installs or rebuilds may not exactly match the reviewed artifact.
Floating dependency versions can cause different code to be installed or built over time. This is a supply-chain hygiene issue, not direct evidence of malicious behavior.
"@sinclair/typebox": "latest", ... "openclaw": "latest", "typescript": "latest"
Prefer pinned dependency versions and a lockfile that matches the published package version.
The plugin can become active when OpenClaw starts, not only after a manual one-time run.
The plugin loads automatically at startup. No hidden background loop or self-propagation was found, but startup activation is relevant because the plugin also registers billing.
"activation": { "onStartup": true }
Disable or uninstall it when not needed, and verify billing settings before leaving it enabled.
