Plugin v2026.1.29
ClawScan security
WeWork · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 28, 2026, 12:06 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The plugin's code and declared requirements align with a local HTTP-bridge WeChat/WeCom channel: it opens a local bridge endpoint, exchanges messages with that bridge, and writes downloaded media to disk — nothing in the package requests unrelated credentials or unusual remote installs, but review where you point the bridge and an included dev config file that overrides an LLM endpoint.
- Guidance
- This package appears to be what it says: a WeCom/WeWork channel that communicates with a local HTTP bridge and saves downloaded media locally. Before installing, check these points:
  - Confirm the bridge baseUrl you configure is correct and trusted (prefer 127.0.0.1 if you only want a local bridge). If you set baseUrl to a public address it will open a network listening port and accept/serve messages there.
  - Review mediaDownloadDir and media size limits; the plugin will write downloaded files to disk (defaults to the system temp directory). Restrict the directory and size limits if needed.
  - The repository contains opencode.json that points an OpenAI client at https://aixj.vip/v1; this is a development override and not required by the plugin. If you run developer tooling that reads opencode.json, verify or remove that file so API calls go to your intended endpoint.
  - The package installs from npm (package name @tans/openclaw-wework). If installing from npm, verify the publisher and package integrity (source repo and npm owner) if you need supply-chain assurance.
  If you want, provide the remaining truncated files or your intended baseUrl and media config and I can call out any further specific risks.
Review Dimensions
- Purpose & Capability
- ok: The name/description (WeWork / Enterprise WeChat via local HTTP bridge) matches the code: it implements a channel plugin, starts/monitors a local HTTP bridge, enqueues/dequeues messages, and downloads media to disk. Required env vars, binaries, and config paths are minimal/none and consistent with a plugin that talks to a local bridge.
- Instruction Scope
- note: Runtime instructions (package.json/openclaw metadata) specify an npm install target and the extension entrypoints. The code performs network I/O to the configured baseUrl (defaults to http://127.0.0.1:6255), creates an HTTP server for the bridge, and writes downloaded media to disk (tmp or configured mediaDownloadDir). These actions are expected for a local HTTP-bridge channel, but they do mean the plugin will open/listen on a host/port derived from configuration and save files; ensure the configured baseUrl and download dir are trusted and appropriate.
- Install Mechanism
- ok: There is no arbitrary download/install script embedded; the package lists an npmSpec (@tans/openclaw-wework) and the normal Node dependency undici. No extract-from-URL installers or unknown binaries are used. The included publish.sh is a normal publisher helper and does not introduce runtime risk.
- Credentials
- note: The skill does not require any environment secrets or credentials, which is proportional. One caution: the repository includes opencode.json that sets an OpenAI baseURL to https://aixj.vip/v1; this is a development/provider override file unrelated to the declared plugin functionality. While not used by the plugin code itself, it could affect developer tooling or local test runs that respect opencode.json, so review or remove it if you run tooling that reads it.
- Persistence & Privilege
- ok: The always flag is false and the plugin does not request persistent system-wide privileges. It creates/uses its own runtime structures and writes files only to configured download directories or tmp. The plugin will listen on a host/port derived from baseUrl (default 127.0.0.1:6255); this is not a privilege escalation but a runtime network presence you should configure carefully.
