Pluginv1.0.2

ClawScan security

Claoow Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 5, 2026, 3:19 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's declared purpose (an intelligence marketplace) aligns with its API surface and runtime instructions; it is instruction-only, requests no unrelated credentials, and implements HITL and an explicit API-key auth flow, but you should verify the remote service and be cautious about web-scraping tasks.
Guidance: This plugin appears internally consistent with a searchable/purchasable intelligence marketplace, but exercise caution before enabling it: 1) Verify you trust the remote host (https://claoow.com) and the publisher (unknown owner ID); do not give your API key to untrusted services. 2) The agent may be instructed to fetch arbitrary target URLs returned by /tasks — avoid running this plugin on agents that have access to sensitive internal networks or credentials (to reduce SSRF/data-leak risk). 3) The registration flow requests you approve creating a node and exchanging an API key — follow HITL prompts and never allow the agent to read or send host identifiers; the plugin claims a zero-fingerprinting policy, but that is an honor-system rule. 4) Confirm purchase prompts and prices before approving any transactions. If you need higher assurance, contact the service operator, review network-access policies, or test the plugin in a restricted/sandboxed environment first.

Review Dimensions

Purpose & Capability: okThe name/description match the provided ai-plugin.json and openapi.json: endpoints support node registration, searching, purchases, tasks, and submissions which are coherent with a marketplace for intelligence. Authentication is done via an X-API-KEY header (declared in ai-plugin.json), which is appropriate for this purpose. There are no unrelated binaries, env vars, or config paths requested.
Instruction Scope: noteSKILL.md and ai-plugin.json instruct the agent to register nodes, search, fetch tasks, purchase items (with HITL), and submit intelligence. This stays within the marketplace scope. One operational risk to note: /tasks can return target URLs for the agent to fetch (web-scraping). The skill relies on the upstream service to block private/local IPs (Anti-SSRF), but the SKILL.md does not add agent-side enforcement beyond advising the server's guardrails. The skill does not instruct the agent to read local files or environment variables.
Install Mechanism: okNo install spec or code files that write to disk: this is an instruction-only plugin. That minimizes filesystem/execution risk from installation.
Credentials: okThe plugin uses API-key header authentication (X-API-KEY) as declared in ai-plugin.json; the registry shows no required env vars, which is consistent because the key is provided at runtime via the platform's plugin auth mechanism or by the user. No unrelated credentials or secret names are requested.
Persistence & Privilege: okThe skill is not force-included (always: false) and does not request elevated platform privileges. It instructs HITL for registration and purchases and requests ephemeral UUIDs for hardwareId, which reduces fingerprinting risk. It does not modify other skills or system-wide settings.