openclaw menubar

Advisory

Audited by static analysis on May 10, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Someone with access to local logs or console output could potentially recover an OpenClaw gateway token.

Why it was flagged

The app registers an OAuth callback handler and logs both the callback URL and extracted token. Access-token logging is unnecessary and could expose OpenClaw session credentials through local logs, console output, crash reports, or screen sharing.

Skill content

console.log('OAuth callback:', url);
...
console.log('Received token:', token);

Recommendation

Remove raw token logging, redact callback URLs, and avoid printing secrets except as masked values.

Concern (Medium Confidence)
ASI03: Identity and Privilege Abuse

What this means

The menu-bar app may create another plaintext copy of a gateway token in the user's home directory.

Why it was flagged

The included renderer code reads the OpenClaw gateway token and can persist a config object containing that token to ~/.openclaw/menubar-config.json without showing explicit file-permission hardening in the provided code.

Skill content

const token = gateway.token || '';
...
fs.writeFileSync(configPath, JSON.stringify(config, null, 2));

Recommendation

Do not persist tokens unless necessary; if persistence is needed, store only non-secret connection settings or use a secure keychain/permission-restricted file.

What this means

Users may underestimate the risk of local token exposure.

Why it was flagged

The documentation makes a strong security claim, while the provided code shows raw token logging and token persistence without explicit permission controls. This could cause users to trust the credential handling more than the artifacts support.

Skill content

✅ **Token stored securely** - In user's home directory with proper permissions

Recommendation

Revise the privacy/security claims to match the implementation, and implement secure token storage before claiming tokens are stored securely.

What this means

If the app's local UI were compromised, it could have broader access to local files and commands than a normal webpage.

Why it was flagged

The Electron menu window is granted broad Node.js integration. This is common in some Electron apps and appears related to local integration, but it increases the impact of any renderer compromise.

Skill content

webPreferences: {
  nodeIntegration: true,
  contextIsolation: false,
  enableRemoteModule: true
}

Recommendation

Prefer contextIsolation: true, nodeIntegration: false, and a narrow preload API for only the local operations the menu-bar app truly needs.

What this means

Installing the app may execute local scripts and fetch JavaScript dependencies.

Why it was flagged

The skill is documented as instruction-only in metadata, but users are directed to run bundled shell scripts and install npm dependencies. That is expected for an Electron app, but it means trust depends on the bundled scripts and package sources.

Skill content

scripts/install.sh
scripts/start.sh
...
`scripts/install.sh` - Install dependencies (npm install)

Recommendation

Inspect the scripts and package lock before installing, and publish a complete install spec plus source/homepage provenance.

What this means

Past chat content may remain on the device after the app is closed.

Why it was flagged

The app documents persistent chat history. This can be useful and purpose-aligned, but chat history may contain sensitive user data and retention details are not fully described in the supplied artifacts.

Skill content

✅ **Message history** - Persists across restarts

Recommendation

Document where history is stored, how to clear it, and whether it is reused across sessions.

Note (High Confidence)
ASI10: Rogue Agents

What this means

The app can keep running in the background and respond to a system-wide shortcut until stopped.

Why it was flagged

The app intentionally runs as a menu-bar process without a dock icon and registers a global shortcut. This is consistent with the menu-bar purpose, but it is persistent background behavior users should recognize.

Skill content

showDockIcon: false
...
globalShortcut.register('CommandOrControl+Shift+O', () => {

Recommendation

Make stop/disable behavior prominent and avoid adding login-start persistence unless it is explicit and user-approved.