Plugin v0.1.0
ClawScan security
Beorx Cortex · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 6, 2026, 2:58 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The plugin's code and SKILL.md require a payer private key and x402 service URLs for paid requests, which matches the stated paid workflow, but the registry metadata claims no required environment variables. Users should understand this inconsistency before installing.
- Guidance: This plugin implements a paid, x402-based text and screenshot service and will not work until you supply an EVM private key (payerPrivateKey) and text/vision proxy URLs. That is expected for a pay-per-request design, with two practical cautions: (1) the registry metadata omits these environment requirements, so do not assume that no secrets are needed; (2) the payer private key is sensitive. If you install this plugin: use a dedicated payer wallet holding only the minimal funds needed for test requests, confirm that the x402 endpoint URLs (BEORX_X402_URL / BEORX_X402_VISION_URL) point to Beorx-managed or otherwise trusted proxies, and never supply a long-term or high-value private key. Review the plugin's package.json and dependency tree before running npm install, and test in an isolated environment first. If anything is unclear, ask the publisher to document the required env vars explicitly and to confirm the safety of their x402 endpoints.
Review Dimensions
- Purpose & Capability
- note: The plugin advertises paid text and vision crypto intelligence and the code implements exactly that: it builds text/vision request payloads, reads local screenshot files for vision requests, and performs paid x402 HTTP posts signed by an EVM private key. Requiring a payer private key and x402 endpoints is consistent with the claimed paid, x402-on-Base design. However, the registry summary supplied at the top lists 'Required env vars: none', while the code actually reads several environment variables (BEORX_X402_URL, BEORX_X402_VISION_URL, BEORX_PAYER_PRIVATE_KEY and fallbacks such as EVM_PRIVATE_KEY). That is an incoherence between the declared metadata and what the plugin actually needs.
- Instruction Scope
- note: SKILL.md and the tool implementations stay within the stated scope: sending paid text or screenshot requests and returning formatted results. The vision tool reads an arbitrary local image path (path.resolve + fs.readFileSync) supplied by the caller and encodes it. That is expected for screenshot analysis, but it means the plugin will read any file path it is given and send the contents to the vision endpoint; because autonomous invocation is allowed, the path may come from the agent rather than from you. The runtime also reads environment variables for URLs and keys. There are no instructions to scan unrelated system files or to exfiltrate data beyond the request payloads.
- Install Mechanism
- ok: This is an instruction-only skill with no install entries that download or extract from external URLs. The source includes code and a package.json, so installing will pull npm dependencies (the package-lock lists many transitive packages). The dependency tree is somewhat large but not unusual for a plugin that uses payment and crypto libraries.
- Credentials
- concern: The plugin requires access to a sensitive EVM private key (payerPrivateKey / BEORX_PAYER_PRIVATE_KEY / EVM_PRIVATE_KEY / OPENCLAW_TEST_PAYER_PRIVATE_KEY) to settle x402 payments. That is proportionate to a pay-per-request service, but it is a high-sensitivity credential and should be highlighted. The bigger problem is the mismatch between the registry metadata, which lists no required env vars, and the code and SKILL.md, which require x402 URLs and a payer private key. Users may be surprised when asked for a private key: provide only a dedicated payer key holding minimal funds, and know where the x402 URLs point before the key is used to sign anything.
- Persistence & Privilege
- ok: The plugin is not always:true and does not request system-wide changes. It registers two tools and uses the agent API as expected. Autonomous invocation is allowed (the default); combined with access to a private key this increases the blast radius, but autonomous invocation alone is not unusual for plugins and the plugin is not set to always:true.
