Plugin v0.7.2

ClawScan security

Google Chat Pub/Sub Listener · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 4, 2026, 12:11 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The plugin's code, instructions, and required secrets align with its stated purpose (listening to Google Chat via Workspace Events + Pub/Sub); nothing requests unrelated credentials or suspicious installs, though it does persist tokens/state and downloads attachments which you should treat as sensitive.
Guidance
This plugin appears to do exactly what it says: bridge Google Chat (Workspace Events → Pub/Sub) to OpenClaw agents. Before installing, review and decide where you will store these sensitive files (OAuth client secret, OAuth tokens JSON, and bot service-account JSON). Prefer a restricted, non-admin service account with only the Pub/Sub and Chat scopes needed. Protect the tokensFile and state file (correct filesystem permissions, avoid world-readable config). Be aware the plugin will download user-uploaded attachments — if that is a concern, verify where they land and implement retention/cleanup. Finally, if you later revoke access, rotate/revoke the OAuth client secret and refresh token and remove the service account keys. If you want extra assurance, review index.ts (present in the package) or run the plugin in a test workspace first.

Review Dimensions

Purpose & Capability
Status: ok
Name/description, SKILL.md, openclaw.plugin.json and index.ts all implement a Google Chat Pub/Sub listener that polls Pub/Sub, routes messages to agents, and replies via the Chat API. The OAuth client ID/secret, OAuth tokens file, and bot service-account JSON referenced in docs are appropriate and expected for this integration.
Instruction Scope
Status: note
Runtime instructions are focused on the channel's setup: enabling APIs, creating Pub/Sub topics/subscriptions, performing the OAuth flow, and configuring openclaw.json. They direct saving OAuth tokens and a service-account JSON to local files and describe downloading message attachments. This is within scope but important: the plugin directs storing and reading sensitive files (client secret, tokens file, service-account JSON) and will download user attachments to disk.
Install Mechanism
Status: ok
No remote arbitrary downloads or unusual install steps are used. The package is published to npm and installation is via 'openclaw plugins install' or manual copy of files. The repository and package.json look standard; no extracted archives from unknown hosts are required.
Credentials
Status: note
No unrelated environment variables are requested. The plugin legitimately requires Google credentials: OAuth client ID/secret, OAuth tokens file, and a service-account JSON path. These are necessary for Pub/Sub + Chat API access, but they are sensitive and the docs instruct storing them in config/files; confirm you are comfortable with those secrets being on-disk and in your OpenClaw config.
Persistence & Privilege
Status: note
always: false (normal). The plugin auto-creates and auto-renews Workspace Events subscriptions (4h TTL) and persists subscription state to ~/.openclaw/gchat-pubsub-subscription-state.json; it also may store attachments locally. This ongoing background activity and disk persistence are expected for a channel plugin but increase the surface you should review (where tokens/state are saved, file permissions, and service-account scopes).