ActivityClaw Plugin Usage
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the referenced plugin would run code from an external package source outside this reviewed skill file.
The skill relies on installing an external npm/OpenClaw plugin that is not part of the scanned artifact set. This is purpose-aligned, but users should verify the package source and version.
npm install -g @rmruss2022/activityclaw openclaw plugins install @rmruss2022/activityclaw
Review the npm package and GitHub repository before installing, and prefer pinned or trusted versions where possible.
The local activity database may reveal sensitive work history, commands, file names, web activity, or message activity to anyone with access to the machine or dashboard.
The plugin is documented as persistently storing broad agent activity, including file, command, web, and message history, in a local database.
- **📝 File Operations** - Creates, edits, reads - **⚡ Commands** - Shell executions via exec - **🔍 Web Activity** - Searches and fetches - **💬 Messages** - Outbound messages to channels - **Database:** SQLite at `~/.openclaw/activity-tracker/activities.db`
Use it only on trusted machines, understand what is logged, and look for retention or deletion controls before relying on it for sensitive work.
If left running, the plugin may continue recording agent activity beyond the immediate question that caused the user to open the dashboard.
The documented plugin runs as a controllable service and uses a real-time persistence hook. This is disclosed and fits the monitoring purpose, but it means activity collection can continue while the service is running.
openclaw activityclaw start openclaw activityclaw stop ... - **Tracking:** Real-time via `tool_result_persist` hook
Start the service only when needed, stop it when not in use, and confirm whether it auto-starts after installation or restart.