ActivityClaw Plugin Usage
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: activityclaw-usage
Version: 1.0.0

The skill instructs the agent to install a third-party npm package (`@rmruss2022/activityclaw`) globally via `npm install -g` in SKILL.md. While this action is presented as a prerequisite for the skill's stated purpose, `npm install -g` is a shell command that fetches and executes arbitrary code from a remote registry. This constitutes a significant 'risky capability' due to potential supply chain vulnerabilities (e.g., RCE if the npm package itself were compromised or malicious), even though the skill bundle itself does not exhibit explicit malicious intent like data exfiltration or prompt injection, and explicitly states 'All data stays local'.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the referenced plugin would run code from an external package source outside this reviewed skill file.
The skill relies on installing an external npm/OpenClaw plugin that is not part of the scanned artifact set. This is purpose-aligned, but users should verify the package source and version.
npm install -g @rmruss2022/activityclaw
openclaw plugins install @rmruss2022/activityclaw
Review the npm package and GitHub repository before installing, and prefer pinned or trusted versions where possible.
The local activity database may reveal sensitive work history, commands, file names, web activity, or message activity to anyone with access to the machine or dashboard.
The plugin is documented as persistently storing broad agent activity, including file, command, web, and message history, in a local database.
- **📝 File Operations** - Creates, edits, reads
- **⚡ Commands** - Shell executions via exec
- **🔍 Web Activity** - Searches and fetches
- **💬 Messages** - Outbound messages to channels
- **Database:** SQLite at `~/.openclaw/activity-tracker/activities.db`
Use it only on trusted machines, understand what is logged, and look for retention or deletion controls before relying on it for sensitive work.
If left running, the plugin may continue recording agent activity beyond the immediate question that caused the user to open the dashboard.
The documented plugin runs as a controllable service and uses a real-time persistence hook. This is disclosed and fits the monitoring purpose, but it means activity collection can continue while the service is running.
openclaw activityclaw start
openclaw activityclaw stop
...
- **Tracking:** Real-time via `tool_result_persist` hook
Start the service only when needed, stop it when not in use, and confirm whether it auto-starts after installation or restart.
