Plugin v0.1.0
ClawScan security
Plugin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 18, 2026, 4:08 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This plugin's code, config schema, and requested secrets are coherent with its stated purpose (connecting OpenClaw to WhatsApp via an imBee routing service); nothing in the bundle indicates unexplained access or hidden exfiltration.
- Guidance: This plugin behaves as an OpenClaw channel adapter that connects to an imBee routing server you configure. Before installing:
  - Only set routingBaseUrl to a server you trust; the plugin will send your configured apiKey and message payloads to that server. An attacker-controlled routingBaseUrl could exfiltrate messages or the apiKey.
  - Store the apiKey in OpenClaw's secrets or otherwise treat it as sensitive; the plugin includes it in Authorization headers when connecting.
  - The SKILL.md provided is just package metadata; review the source files (present in the package) to verify behavior and trustworthiness (e.g., check the repository and author).
  - If you require higher assurance, verify the plugin package signature or review the upstream GitHub repo and the imBee service terms before enabling in production.
Review Dimensions
- Purpose & Capability (ok): Plugin name/description match the implementation: it maintains a WebSocket to a routing server, posts outbound messages to /api/v1/send, and requests an apiKey via pairing. No unrelated credentials, binaries, or system paths are requested.
- Instruction Scope (note): The provided SKILL.md content appears to be the package.json metadata rather than a conventional runtime instruction doc. Runtime behavior is implemented in the TypeScript sources and is limited to WebSocket connections and HTTP POSTs to the configured routingBaseUrl, using the apiKey from the plugin config. The code does not read arbitrary files or environment variables beyond OpenClaw config values.
- Install Mechanism (ok): No install script is present; the package only depends on the 'ws' library and targets Node >=22 (which supplies fetch). There are no downloads from arbitrary URLs or extract steps.
- Credentials (ok): No environment variables or external credentials are requested by the registry metadata. The plugin relies on an apiKey provided in the OpenClaw channel config (declared in schema/config.json), which is appropriate for this purpose.
- Persistence & Privilege (ok): The plugin is not always-enabled and uses normal plugin runtime hooks. It does not modify other plugins' configuration or request system-wide privileges.
