Pluginv1.6.1

ClawScan security

Mediaclaw Plugin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 29, 2026, 10:37 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: MediaClaw's code and runtime instructions match a media-generation plugin: it calls provider APIs, runs local media tools (ffmpeg/python) and reads/writes workspace media and avatar files — nothing in the bundle looks malicious, but there are a couple of practical/informational mismatches you should note before installing.
Guidance: What to consider before installing: - Functional scope: This plugin legitimately needs network access to configured providers and needs local media tooling. Expect it to call configured yuanjing/sglang endpoints and to run ffmpeg/ffprobe and a bundled Python script (merge_ass.py) to compose subtitles and videos. If you don't want code to run ffmpeg or Python on your host, do not install. - Tooling mismatch: The registry metadata lists no required binaries, but SKILL.md clearly requires FFmpeg/ffprobe and Python for some workflows — ensure FFmpeg (and Python3 for the merge script) are installed from trusted sources before use. - Workspace file access: The skill will scan the workspace root for AVATAR-*-*.md files and may read and update avatar files; review any such files for sensitive content before installing or run the plugin in an isolated workspace. - Credentials: Provider API keys are supplied via plugin configuration (not env vars). Only configure trusted provider endpoints/keys; defaults like http://localhost:30010 or 'sk-dummy' are placeholders. - Network & privacy: The plugin will send media and prompts to the configured provider endpoints; review provider privacy/policy if you will process sensitive content. - Code review: Source files (TypeScript + Python script) are included in the package — if you need higher assurance, inspect src/api/yuanjing-client.ts and src/api/sglang-client.ts (not fully shown here) for exact network calls and any telemetry. Overall: the skill is internally consistent with its stated purpose and appears benign, but double-check the FFmpeg/Python dependency, workspace file access, and provider configuration before use.

Review Dimensions

Purpose & Capability: noteThe plugin name, description, code and SKILL.md all describe media-generation capabilities (text→image, text→speech, digital avatar, background replacement, video concat). The code includes provider clients (yuanjing/sglang) and tool registrations that align with that purpose. One mismatch: the skill metadata listing in the registry states no required binaries, but the SKILL.md (and some skill modules) explicitly require FFmpeg/ffprobe and Python (for the included merge_ass.py). That is coherent with the plugin's purpose but the top-level 'required binaries: none' is inaccurate and should be corrected so users know external tools are needed.
Instruction Scope: noteRuntime instructions instruct the agent to scan the workspace for AVATAR-*-*.md files, read/update those files, synthesize speech, invoke mediaclaw tools, run ffmpeg/ffprobe shell commands and run the included Python subtitle-merge script. Reading/writing avatar files and writing media outputs is expected for this skill, but the instructions do access the user's workspace and create many intermediate files — users should expect that the skill will read and write files in the workspace root/dedicated task directories.
Install Mechanism: okThere is no external download/install step in the manifest — package.json and package-lock refer to standard npm packages (execa, ws, @sinclair/typebox). No installer pulls code from untrusted personal servers or shorteners. The included Python script and TypeScript code are packaged with the skill, so behavior is inspectable. This is a lower-risk install model.
Credentials: okThe skill does not require environment variables or external credentials in the registry metadata; provider keys are expected to be supplied via the plugin configuration (openclaw.plugin.json schema includes yuanjing/sglang apiKey/baseUrl fields). That is proportionate for a plugin that forwards requests to external ML/API providers. There are no unexplained SECRET/TOKEN env var requirements.
Persistence & Privilege: okThe skill is not marked always:true and does not request elevated or system-wide privileges. It operates by registering tools and reading/writing files in task/workspace directories (normal for media-generation plugins). There is no indication it modifies other skills or global agent configuration.