Plugin v1.0.1.0
ClawScan security
Acodepowerfultextcodeeditorforandroid · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 27, 2026, 4:56 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The package content implements a self-improvement OpenClaw skill, but the skill name/registry metadata do not match the described purpose and there are optional hooks/scripts that the user must consciously enable — review before installing or enabling hooks.
- Guidance: This package's contents are a self-improvement OpenClaw skill (hooks, scripts, SKILL.md), but the published name/slug imply an unrelated Android editor — ask the publisher or check the source repo to confirm which package you intend to install. Review the included scripts (activator.sh, error-detector.sh, extract-skill.sh) before running or copying them into your home directory. Do not enable the hook globally (user-level) unless you trust the author; prefer a project-level, opt-in setup and test with --dry-run or in an isolated workspace. If you expected an Android editor, do not install this skill — it is not that.
Review Dimensions
- Purpose & Capability (concern): The registry name (Acodepowerfultextcodeeditorforandroid) and slug suggest an Android text/code editor, but the description and all included files implement a 'self-improvement' skill for OpenClaw. This is an obvious mismatch: if you expected an Android editor, this package is not that. The files that do exist (hooks, scripts, SKILL.md, templates) are coherent with a self-improvement/internal-logging skill and do not require unrelated credentials, but the name/metadata vs. content inconsistency is a red flag and should be clarified with the publisher before trusting or installing.
- Instruction Scope (note): SKILL.md and the hook handlers are focused on logging learnings into a .learnings/ directory and injecting lightweight reminders at agent bootstrap. They explicitly advise not to log secrets and to avoid overwriting existing files. The included activator/error-detector scripts only emit reminders and the error detector reads CLAUDE_TOOL_OUTPUT for pattern matching. The extract-skill.sh can create files under the current workspace. Nothing in the instructions directs the agent to read arbitrary system credentials or exfiltrate data, but scripts and hook instructions do have permission to write files when the user runs or copies them into their home/workspace — so users should review/approve enabling hooks or running the scripts.
- Install Mechanism (ok): There is no automated install spec (instruction-only skill). The package contains helper scripts and hook handlers but nothing downloaded from remote URLs or strange install steps. Risk is limited to user-run commands such as copying hooks to ~/.openclaw/hooks and running scripts; those are standard for this kind of integration. The presence of executable scripts means the user should inspect them prior to running, but there is no high-risk network download or extract step.
- Credentials (ok): The skill declares no required environment variables or credentials. The error-detector.sh reads the CLAUDE_TOOL_OUTPUT environment variable at runtime (a platform-provided tool output variable), which is appropriate for its stated purpose. No secrets, cloud keys, or unrelated credentials are requested. That said, SKILL.md and hooks instruct creating files under user/home/workspace paths — consider filesystem access implications before enabling.
- Persistence & Privilege (ok): always is false and the skill is user-invocable. The hook included is optional — it will only run if the user copies/enables it in their OpenClaw hooks directory. The JavaScript/TypeScript hook injects a virtual bootstrap file into the session context (does not write to disk). The extract-skill script can create files in the current workspace when run. There is no evidence the skill attempts to modify other skills' configurations or force-enable itself.
