Skill v1.6.1

ClawScan security

LocalUDPMessenger · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 13, 2026, 3:58 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
This plugin's code, docs, and runtime instructions are consistent with a local LAN UDP messenger: it requires only Node, persists trusted peers to disk, optionally forwards copies to a relay you explicitly configure, and can wake the local agent via a webhook token — nothing in the package is disproportionate to that purpose.
Guidance
This plugin appears to do what it says, but check these before installing:
(1) Review the npm/GitHub source (owner turfptax) to ensure you trust the publisher.
(2) Do not set a relayServer to an untrusted host: enabling relay forwards copies of every message off your LAN.
(3) Treat the hook token as sensitive: if set, it lets the plugin trigger agent turns via /hooks/agent; keep it secret and only enable hooks.enabled if you understand the implications.
(4) Trusted peers are persisted to ~/.openclaw/extensions/openclaw-udp-messenger/trusted-peers.json; inspect that file and the plugin logs if you need an audit trail.
(5) Prefer 'always-confirm' trust mode on untrusted networks and never instruct the agent to share secrets with peers.
Finally, note a minor inconsistency: the registry marked the skill as 'instruction-only' while package files are present; confirm the exact install path you will use (npm vs. manual) and review the repository before enabling in production.

Review Dimensions

Purpose & Capability
Status: ok
Name/description match the actual files and runtime behavior. The required binary (node) is appropriate. The features described (discover, send/receive, trust model, relay, wake-up) are implemented in the code and are coherent with the stated purpose.
Instruction Scope
Status: note
SKILL.md and README clearly document the expected actions and limits and repeatedly warn not to auto-approve peers or share secrets. The plugin does additional environment/config lookups (e.g., OPENCLAW_HOOK_TOKEN and values in openclaw.json) and persists trusted-peers.json to disk; these behaviors are documented but are not declared as 'required env vars' in the top-level metadata, a small documentation/inventory mismatch to be aware of.
Install Mechanism
Status: note
Installation is via npm/GitHub as documented (openclaw plugins install openclaw-udp-messenger). The registry metadata stated 'instruction-only' despite code files being included; the install sources referenced are standard (npm/GitHub) rather than arbitrary shorteners, so the risk is moderate but expected for a plugin that installs code.
Credentials
Status: ok
No required credentials are declared; the only sensitive runtime inputs are an optional hook token and an optional relayServer address, which the user must configure. Those are proportional to the wake-up and central-monitoring features the plugin provides. The plugin writes a trusted-peers.json file in the user's home plugin dir, which is expected for persistent trust state.
Persistence & Privilege
Status: ok
The skill does not request 'always: true', does not alter other skills' configuration, and only persists its own trusted-peers.json. It uses the Gateway webhook only when a user-configured hook token is present; autonomous invocation is the platform default and not a surprise here.