Plugin v1.2.0
ClawScan security
DEPRECATED — use @comment-io/openclaw-plugin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 7, 2026, 11:49 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The plugin's code, config, and runtime instructions align with its stated purpose (Comment.io channel: @mentions, WebSocket monitor, and API guidance); it injects system guidance and fetches /llms.txt as part of that purpose, which is expected but worth noticing.
- Guidance: This plugin appears to do what it says: listen for Comment.io @mentions via a WebSocket, post replies via the Comment.io REST API, and inject guidance into the agent's system context (telling the agent to fetch the live API reference at /llms.txt). Before installing, consider: 1) the plugin can modify system prompts (it will append guidance when an account with an agent secret is registered) — only enable it if you trust comment.io and the account you register; 2) if you provide an agent secret (recommended for notifications), treat it as sensitive (the setup wizard references COMMENT_IO_AGENT_SECRET); 3) the plugin fetches live content from comment.io (/llms.txt) — that remote content can change behavior, so ensure you trust the host; and 4) you can run the plugin in anonymous mode without secrets (no WebSocket notifications in that mode). If you want higher assurance, review network access policies, or run in anonymous mode and only enable persistent accounts you control.
- Findings: [system-prompt-override] expected: Detected because the plugin appends system guidance to prompts (index.ts uses api.on('before_prompt_build', ...) to inject COMMENT_DOCS_GUIDANCE). This behavior matches the plugin's documented 'API guidance' feature.
Review Dimensions
- Purpose & Capability (ok): Name/description (Comment.io channel, @mentions, API guidance) match the code: WebSocket monitor, outbound send, agent verification, and prompt guidance are all related to delivering @mention notifications and providing API context.
- Instruction Scope (note): The plugin intentionally appends system-context guidance into the agent prompt (index.ts registers before_prompt_build to append COMMENT_DOCS_GUIDANCE) and instructs the agent to fetch https://comment.io/llms.txt at session start. This is coherent with 'API guidance' but is a notable capability (it modifies the system prompt and fetches live content).
- Install Mechanism (ok): No install spec (instruction-only for the registry) and package files are provided; dependencies are standard (ws). No arbitrary downloads or extract steps present.
- Credentials (ok): No required environment variables; the agent secret is optional in config and only needed to enable persistent identity and WebSocket notifications. The setup UI suggests a preferred env var (COMMENT_IO_AGENT_SECRET), but it is not required by the plugin manifest.
- Persistence & Privilege (note): always:false (normal). The plugin registers a before_prompt_build hook to append system context when at least one registered account has an agent secret — this grants the plugin the ability to modify prompts, which is appropriate for API guidance but is a privileged action users should be aware of.
