Code Plugin · source linked

Lm Security v1.0.0

NSClawGuard - Logs and monitors skills, plugins, MCP servers, and hooks

ns-clawguard · runtime NSClawGuard · by @hspp
Community code plugin. Review compatibility and verification before install.
openclaw plugins install clawhub:ns-clawguard
Latest release: v1.0.0

Capabilities

configSchema: Yes
Executes code: Yes
HTTP routes: 0
Runtime ID: NSClawGuard

Compatibility

Built With Open Claw Version: 2026.3.24-beta.2
Min Gateway Version: 2026.3.24-beta.2
Plugin Api Range: >=2026.3.24-beta.2
Plugin Sdk Version: 2026.3.24-beta.2

Security Scan

VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description claim a security/audit monitor for skills, plugins, MCP servers and hooks. The repository contains many expected components (config/skill scanners, audit/event-store, server and UI code) that are coherent with that purpose. Minor mismatch: clawdbot.plugin.json mentions an mcpPaths config schema (monitor MCP config files) but the skill metadata declares no required config paths — if the plugin will read local MCP files, that should be declared. Overall capability set is plausible for the described purpose.
Instruction Scope
The provided SKILL.md content is effectively a package.json object rather than a prose runtime instruction file telling the agent what to do. This is an incoherence: the platform expects SKILL.md to contain runtime instructions; here it's replaced with package metadata. The scan also flagged a 'base64-block' prompt-injection pattern in SKILL.md content. Because the actual runtime behavior depends on the plugin code (which is included), the missing/incorrect SKILL.md reduces transparency and raises risk — reviewers cannot rely on SKILL.md to understand what the agent will be directed to do at runtime.
Install Mechanism
There is no declared install spec (no downloads or extracts), which is lower risk. However the package contains a large compiled/dist directory and server code that will be executed by the host when the plugin is loaded. Because there is no explicit install step, it's important to confirm how the platform will load/execute the included code. No external URLs or unusual installers are present in the metadata; that part is okay.
Credentials
The skill declares no required environment variables and no primary credential, which is reasonable for a plugin that operates via the platform plugin API. However the source contains modules named request.ts, api.ts, and UI components like GatewayAuthLogTable and TokenConsumption, and dependencies include axios and form-data — these suggest the code performs HTTP requests and may post or fetch data. Because no external endpoints or env creds are declared, you should verify whether network calls are only to the platform/gateway or whether the code calls external domains. Also clawdbot.plugin.json defines mcpPaths (paths to monitor) but the skill metadata didn't declare required config paths; this is a proportionality/visibility issue.
Persistence & Privilege
The plugin does not request always:true and allows normal autonomous invocation (disable-model-invocation is false), which is the platform default. The package defines register(api) semantics and likely registers HTTP routes and event handlers — that is expected for a monitoring plugin and is proportionate. No evidence it modifies other plugins or system-wide settings beyond its own scope, based on the manifest and type declarations.
Scan Findings in Context
[base64-block] unexpected: A 'base64-block' prompt-injection pattern was flagged in the SKILL.md content. SKILL.md appears to contain package.json instead of runtime instructions; the flagged pattern may be a false positive or indicate some embedded data. Either way, SKILL.md is not the expected instruction file and should be corrected/inspected.
What to consider before installing
This package appears to be a legitimate monitoring/audit plugin (it contains scanners, an audit store, and a UI). However:
1) SKILL.md does not contain runtime instructions (it contains package.json), which is an incoherence; ask the author for the intended SKILL.md and runtime instructions before installing.
2) A prompt-injection pattern was flagged in SKILL.md; inspect SKILL.md and any embedded data for encoded payloads.
3) Review the source (search for axios/fetch/http endpoints in src/request.ts, src/api.ts, server/router.ts) to confirm network requests only go to the platform/gateway and not arbitrary external hosts.
4) Verify whether the plugin will read local MCP config files (clawdbot.plugin.json references mcpPaths) and, if so, ensure you are comfortable with that file access.
5) Run the plugin in an isolated environment or staging instance first, and consider a code audit focusing on any code that posts logs or token data externally.
If the author clarifies SKILL.md to include proper runtime instructions and you confirm network/file-access behavior is limited to expected platform endpoints, the plugin is easier to trust; until then, treat it as suspicious and avoid installing on production systems.
dist/index.mjs:8856: Shell command execution detected (child_process).
scripts/build.js:23: Shell command execution detected (child_process).
src/cli/check.ts:20: Shell command execution detected (child_process).
src/command-security.ts:39: Shell command execution detected (child_process).
src/config-scanner.ts:2246: Shell command execution detected (child_process).
src/scan-port/index.ts:141: Shell command execution detected (child_process).
dist/web/static/js/index-CDE6LuYo.js:54: Dynamic code execution detected.
src/server/web/static/js/index-CDE6LuYo.js:54: Dynamic code execution detected.
dist/index.mjs:10387: Environment variable access combined with network send.
dist/index.mjs:12216: File read combined with network send (possible exfiltration).
src/request.ts:67: File read combined with network send (possible exfiltration).
src/skill-scanner.ts:272: File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Verification

Tier: source linked
Scope: artifact only
Summary: Validated package structure and linked the release to source metadata.
Commit: init
Tag: init
Provenance: No
Scan status: pending

Tags

latest
1.0.0