Plugin v3.1.0

ClawScan security

Local IM Connector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 9, 2026, 8:46 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The package and runtime instructions match the stated purpose: a Local IM channel that listens or connects via WebSocket and forwards messages to OpenClaw; it does not request unrelated credentials or perform unexplained operations.
Guidance
This plugin appears to do what it claims: provide a local WebSocket/HTTP channel and/or act as a client that connects to a configured WebSocket. Things to check before installing:

- Confirm which runtime file is actually used: the manifest shows SKILL.md as empty but you were given runtime docs elsewhere; ensure the platform will run the intended instructions.
- Review and trust the clientWsUrl and any external WebSocket endpoints you configure — the plugin will forward messages to/from those endpoints and could transmit agent messages.
- If you plan to set gatewayToken, treat it as a secret (only provide it to trusted plugins/gateways) because it authenticates to the local gateway used for LLM calls.
- Note the package includes many transitive dependencies (from the SDK); consider auditing or pinning dependencies if you are concerned about supply-chain risk.

If you want extra assurance, ask for a full listing of the runtime entry file that will be executed by the platform and a brief explanation of which external endpoints (hostnames/paths) the plugin will contact at runtime.

Review Dimensions

Purpose & Capability
ok
Name/description, package.json, openclaw.plugin.json, README/CLAUDE docs and the TypeScript source all describe a local WebSocket/HTTP channel plugin. Declared dependencies (express, ws, axios, openclaw SDK) and config options (clientWsUrl, wsPort, httpPort, gatewayToken) are consistent with implementing a local IM connector in server/client modes.
Instruction Scope
note
The runtime documentation describes only channel behaviour (connect to clientWsUrl or listen on local ports, deliver streaming AI replies, optional gatewayToken for contacting gateway). It does not instruct reading arbitrary host files or unrelated environment variables. One minor inconsistency: the submitted manifest shows SKILL.md as 0 bytes while the runtime instructions were provided separately; confirm the actual runtime instructions that the platform will execute.
Install Mechanism
note
There is no install spec (no external downloads), which is lower risk. The repo includes source and lockfiles; package.json dependencies are normal for a plugin of this type. The lockfile contains many transitive dependencies (including AWS SDKs) pulled in transitively by other packages — expected but worth noting for supply-chain size. No download-from-arbitrary-URL or extract steps were present.
Credentials
ok
The skill requests no environment variables. It exposes a configurable gatewayToken in plugin config (optional) — this is proportional because the plugin may need to authenticate to a local OpenClaw gateway when streaming completions. The main sensitive action is that the plugin will connect to an externally configured WebSocket URL or open local HTTP/WS ports; those network actions are core to the stated purpose but require trusting the endpoints you configure.
Persistence & Privilege
ok
Flags show always:false and default model-invocation allowed (normal). The plugin registers a channel and exposes start/stop lifecycle hooks — this is expected for a channel plugin and does not request elevated platform privileges or always-enabled behavior.