Plugin v1.1.7

ClawScan security

ByteRover · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 8, 2026, 3:41 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The plugin's code, README, and runtime instructions are consistent: it invokes a local brv CLI/bridge to curate and recall conversation context, and it does not request unrelated credentials or install arbitrary remote code.
Guidance
This plugin appears to do what it says: it sends curated conversation text to a local brv CLI/daemon (via the @byterover/brv-bridge npm package) and injects recalled context into prompts. Before installing, confirm you trust the source of the brv binary and the npm dependency (@byterover/brv-bridge). Note that the plugin reads your OpenClaw config (~/.openclaw/openclaw.json) to resolve workspaces and invokes brv with the configured cwd, so brv may access files in that project. The license is Elastic-2.0 (review its hosting/use restrictions). If you need higher assurance, inspect the installed @byterover/brv-bridge package and ensure the brv binary you install is the official release, not a third-party or URL-shortened download.

Review Dimensions

Purpose & Capability
ok: Name/description match the implementation: the code serializes messages, strips OpenClaw metadata, and calls a brv bridge to persist/recall. Requiring a local brv binary and a project cwd is coherent with a context engine that delegates curation to an external CLI/daemon.
Instruction Scope
ok: SKILL.md instructs configuring brvPath and cwd, installing brv, and enabling the plugin. The runtime code only reads OpenClaw config to resolve a workspace and calls the brv bridge; it does not instruct reading arbitrary files, exfiltrating env vars, or posting data to unexpected endpoints.
Install Mechanism
note: No explicit install spec in the registry (instruction-only), but package.json declares a dependency on @byterover/brv-bridge (npm). This is expected for a plugin that integrates a CLI via a bridge, but you should review the provenance of the npm dependency and the brv binary you install.
Credentials
ok: The plugin requests no environment variables or credentials. It does read ~/.openclaw/openclaw.json to resolve the agent workspace (used to set cwd); this is proportional to locating the project and is documented.
Persistence & Privilege
ok: always is false, and the plugin does not modify other plugins or global agent settings. It runs as a context engine and delegates to a bridge/CLI; no elevated or permanent privileges are requested.