Plugin v0.2.0
ClawScan security
StablePay OpenClaw Plugin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 5, 2026, 12:43 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The plugin's code and runtime instructions are generally consistent with a local wallet + signing tool, but there are mismatches in the declared metadata, and the install instructions will pull npm dependencies (package-lock shows many unrelated packages), so review before installing.
- Guidance: What to check before installing:
  - Metadata mismatch: SKILL.md and the code require STABLEPAY_PLUGIN_MASTER_KEY (and optionally STABLEPAY_OWS_PASSPHRASE / STABLEPAY_OWS_REST_API_KEY), but the registry lists no required env vars. Treat STABLEPAY_PLUGIN_MASTER_KEY as a sensitive secret and do not set production or cloud credentials as its value.
  - Install behavior: the README instructs you to run npm install / npm run build. Inspect package.json and package-lock.json (both are included) to confirm the dependency list and understand why many transitive packages (e.g., aws-sdk related entries) appear. If you are uneasy, run the build in an isolated environment (container or VM) and/or audit the dependency tree.
  - Local state and files: the plugin writes an encrypted state file under ~/.stablepay-openclaw/stablepay-local-state.enc and policy files under the same directory. Back up or inspect these files if you plan to use real funds/keys. The plugin claims private keys remain client-side.
  - Network endpoints: by default it targets localhost (127.0.0.1) for the gateway/backend, which is appropriate for local testing. Before pointing backendBaseUrl to a remote server, ensure you trust that endpoint, since DID registration and payment flows will POST to the configured backend.
  - Reduce blast radius: if you want to test, run the plugin in an isolated test account / dedicated user environment, and avoid reusing production secrets.
  - Ask the publisher to fix the registry metadata to declare required env vars and, if possible, provide a minimal package.json / shrinkwrap explaining the unexpected dependencies. If you want higher confidence, request from the maintainer: (1) an explanation for the large dependency set in package-lock, (2) an updated registry manifest listing required env vars, and (3) a reviewable release tarball or signed package hash to validate what will be installed.
Review Dimensions
- Purpose & Capability
  - note: The plugin implements a local wallet, client-side DID registration, signing drivers (OWS SDK/CLI/REST/local) and a payment flow, which matches the name/description. However, the registry metadata claims "Required env vars: none" while SKILL.md and the code require STABLEPAY_PLUGIN_MASTER_KEY (and optionally STABLEPAY_OWS_PASSPHRASE / STABLEPAY_OWS_REST_API_KEY). The missing declaration is an inconsistency between the metadata and the runtime's actual needs.
- Instruction Scope
  - ok: SKILL.md instructs building the plugin (npm install / npm run build), installing into a Linux-native path or WSL, setting STABLEPAY_PLUGIN_MASTER_KEY, and then using the registered tools. The runtime reads/writes only a local encrypted state file (~/.stablepay-openclaw/...), writes policy files under that directory, and talks to a configurable backendBaseUrl (defaults to localhost). The instructions do not direct unrelated system-wide credential access or remote exfiltration to external domains by default.
- Install Mechanism
  - concern: The registry has no formal install spec, but SKILL.md tells users to run npm install / build. The package-lock.json included in the package contains a large set of transitive dependencies (including many aws-sdk/@smithy packages) that are not obviously required for the plugin's core wallet/signing functionality. Running npm install will fetch and install those packages; review package.json/package-lock to confirm why they appear before installing. No remote downloads from unknown URLs are present in the manifest, but the npm install carries moderate risk because of the transitive dependencies.
- Credentials
  - concern: The environment variables the code uses (STABLEPAY_PLUGIN_MASTER_KEY as the AES-256-GCM key for the local state file; optional STABLEPAY_OWS_PASSPHRASE and STABLEPAY_OWS_REST_API_KEY for the OWS runtimes) are reasonable for the plugin's functionality. The problem is that the registry metadata declares no required env vars while SKILL.md and the code clearly require a sensitive master key. That metadata omission is a material inconsistency and should be corrected. Also: do not reuse high-value secrets (cloud keys, AWS creds) as the master key.
- Persistence & Privilege
  - ok: The always flag is false and the plugin registers user-invocable tools. It stores encrypted state and policy files under the user's home directory (~/.stablepay-openclaw/) and does not request system-wide configuration changes or other skills' credentials. This level of persistence and file-write access is proportional for a wallet plugin.
