Plugin v0.1.2

ClawScan security

OpenClaw for Vibe Dot (demo) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Apr 2, 2026, 3:07 AM)
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The plugin's code, README, and SKILL.md consistently implement an inbound-only SSE-based channel that requires a bearer token in the OpenClaw channel config; nothing in the files indicates hidden exfiltration or unrelated permissions.
Guidance
This repo appears to be a straightforward inbound-only SSE channel. Before installing: (1) Be aware you must supply a bearer token in your OpenClaw config (channels.vibe-dot.token) — do not accidentally paste a high-privilege or long-lived admin credential. (2) The default SSE URL points to a demo relay (https://demo-dot-relay.vibeus.workers.dev); replace it with your production relay or verify you trust the demo endpoint if you use it. (3) The .claude/settings.local.json contains developer-local bash commands — those are for development and are not executed by the plugin, but review them if you plan to run developer scripts locally. If you want extra assurance, review the token handling/storage practices of your OpenClaw host to ensure tokens are stored and access-controlled appropriately.

Review Dimensions

Purpose & Capability
note: The plugin's name/description match the implementation: it opens an SSE connection to stream Vibe Dot transcriptions. One minor mismatch: the registry metadata lists no required config paths or credentials, but the SKILL.md, openclaw.plugin.json, and runtime code all require a channel config value 'token' (Bearer token) under channels.vibe-dot. This is expected for operation but is not represented in the top-level registry 'required env/config' summary.
Instruction Scope
ok: SKILL.md instructs only to add channel config (token, optional sseUrl). Runtime instructions and code only read the OpenClaw config and connect to the configured SSE endpoint. There are no instructions or code that read arbitrary files, environment variables, or send data to unexpected endpoints beyond the configured SSE URL.
Install Mechanism
ok: This is instruction-only / code-in-repo: there is no external download/install step. Dependencies are listed in bun.lock/package.json (devDependencies only). No extracted remote archives or curl|sh installers are present.
Credentials
note: The plugin requires a bearer token, but it expects that token in the host OpenClaw channel configuration (channels.vibe-dot.token), not as an environment variable. That credential request is proportional to the stated purpose. Users should note the registry summary did not surface the config requirement.
Persistence & Privilege
ok: always is false and the plugin does not attempt to modify other skills or global agent config. It registers a runtime SSE connection and cleans it up on shutdown — expected for an inbound channel plugin. Autonomous invocation (disable-model-invocation: false) is normal here and appropriate.