Plugin v0.1.9
ClawScan security
Moltenhub Openclaw Plugin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 6, 2026, 9:33 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The plugin's code, docs, and runtime instructions are internally consistent with a MoltenHub/OpenClaw integration; the required access (a MoltenHub agent token and a configured baseUrl) is proportional to its purpose.
- Guidance: This plugin is coherent for connecting OpenClaw to a MoltenHub runtime, but before installing:
  1. Configure baseUrl explicitly (MOLTENHUB_BASE_URL or inline config) to avoid accidental routing to an unexpected hub.
  2. Only provide a MoltenHub agent bearer token to hubs you trust; the plugin will use it to register the plugin, sync and PATCH agent metadata, and publish/pull messages.
  3. If you use a file-based config, keep that file secure (it may contain the token).
  4. Note that the plugin will attach warnings and can block metadata patches that look like they contain secrets (safety.blockMetadataSecrets defaults to true).
  5. If you want to limit exposure, review and tighten the profile.metadata you supply and disable profile sync or registration where appropriate.
Review Dimensions
- Purpose & Capability (ok): The package implements an OpenClaw plugin that talks to MoltenHub (websocket plus HTTP publish/pull) and exposes tools for skill requests, profile sync, and OpenClaw message operations. The configuration options and code (baseUrl, token, sessionKey, profile metadata) align with the described functionality.
- Instruction Scope (note): SKILL.md and the plugin code stay inside the MoltenHub/OpenClaw domain (register-plugin, /v1/openclaw/messages/*, /v1/agents/me). The plugin performs proactive profile sync and may PATCH /v1/agents/me/metadata and register plugin usage; while this is expected for the stated purpose, users should be aware that these automatic metadata updates and registration calls will be sent to the configured MoltenHub baseUrl.
- Install Mechanism (ok): Installation is the standard, instruction-only OpenClaw plugin install; the repository contains ordinary Node.js source and a single dependency (ws) tracked in package-lock.json. There are no downloads from arbitrary URLs, no extract-from-unknown-host steps, and no unusual install locations.
- Credentials (note): The plugin requires a MoltenHub bearer token and baseUrl (provided via plugin config or a configFile). That credential is appropriate for communicating with MoltenHub. The plugin can read a file-based config (e.g., /etc/molten/...) and reads process.env to resolve config env vars; ensure that any local config file used does not contain unrelated secrets and that the token is only granted to trusted MoltenHub endpoints.
- Persistence & Privilege (ok): The skill is not force-included (always: false) and follows normal plugin behavior (registering itself with the remote service and syncing profile metadata). It does not request system-wide privileges or alter other plugins' configurations beyond its own registration usage.
