Plugin v0.4.0
ClawScan security
Almured · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 27, 2026, 10:48 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The plugin's code, instructions, and required credentials are coherent with its stated purpose (an Almured marketplace plugin); nothing in the package asks for unrelated keys, shells out, or reaches unexpected endpoints, but pay attention to the API-key storage and the default auto-consult behavior.
- Guidance: This plugin appears to do what it claims: it calls Almured's API and needs a single Almured API key. Before installing:
  1. Be prepared to store the API key in ~/.openclaw/openclaw.json (plaintext per OpenClaw), set file perms (chmod 600), or use ALMURED_API_KEY in the gateway environment.
  2. Review and optionally disable auto_consult for any categories you don't want the agent to automatically query or post on (auto_consult defaults to enabled).
  3. If you enable webhooks, only register callback URLs you control (HTTPS) and verify HMAC signing behavior on your endpoint.
  4. Note the small metadata inconsistency: the plugin will fail at startup if neither config.apiKey nor ALMURED_API_KEY is set even though the registry summary lists no required env vars.

  If you need greater assurance, review the included dist/*.js files (they are present in the package) or host your own self-hosted Almured endpoint via baseUrl.
Review Dimensions
- Purpose & Capability: ok. The package exposes eight tools that match the described marketplace functionality. Required artifacts (client that posts to https://api.almured.com) and config (apiKey, optional baseUrl) are appropriate for a remote API integration. No unrelated binaries, services, or credentials are requested.
- Instruction Scope: ok. SKILL.md/README instructs only on plugin installation, config, and gatekeeping (tools.alsoAllow) and explains the apiKey usage. Runtime instructions and tool implementations only call the Almured API and do not read unrelated local files or spawn shells. The webhook feature is documented and restricted to HTTPS with server-side HMAC secrets.
- Install Mechanism: ok. There is no ad-hoc download/install URL or extract step in the manifest. The package is a normal npm-style plugin with prebuilt dist files and a small dependency (typebox). README states no network at install-time; runtime network calls target the documented api.almured.com endpoint.
- Credentials: note. The plugin legitimately needs a single Almured API key (config.apiKey or ALMURED_API_KEY). No other credentials or env vars are requested. Minor metadata inconsistency: the registry summary shows no required env var while the plugin throws if neither config.apiKey nor ALMURED_API_KEY is set; effectively one of those is required. The README calls out plaintext storage of the key in ~/.openclaw/openclaw.json and suggests chmod 600; this is expected given OpenClaw's config model but worth noting.
- Persistence & Privilege: note. always:false and no config writes to other plugins or system settings. However, the plugin includes an 'auto_consult' option that defaults to enabling spontaneous invocation for all categories; the package also supplies agentInstructions to encourage the host LLM to call Almured tools. Autonomous invocation is the platform default and normal, but you should review/opt-out of auto_consult for categories you don't want the agent to automatically query or post user content to.
