Plugin v0.1.0

ClawScan security

Database · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 29, 2026, 12:11 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The plugin's code, instructions, and config are coherent with a local SQLite database tool and do not request unrelated credentials or network access.
Guidance
This plugin appears to be what it claims: a local SQLite manager. Before installing: (1) choose or review the configured storagePath — don't point it at an existing sensitive file or directory; (2) be aware npm install will fetch transitive dependencies listed in package-lock (review package-lock if you want to audit exact dependencies); (3) the plugin will create and write the SQLite file under your home path and requires restarting the OpenClaw gateway to enable; and (4) because plugins can be invoked by agents, only enable it in agent environments you trust. If you need stronger isolation, run OpenClaw and this plugin in a separate user/VM/container.

Review Dimensions

Purpose & Capability
ok
Name/description match the implementation: the package registers tools for schema inspection, SQL execution, transactions, and CRUD and operates on a local SQLite file. No unrelated credentials, binaries, or config paths are required.
Instruction Scope
ok
SKILL.md instructs a local npm build and OpenClaw plugin install/enable/restart and documents the storagePath (defaults to ~/.openclaw/state/database/database.sqlite). Runtime instructions and registered tools operate on the local database only and do not read or transmit other system secrets or call external endpoints.
Install Mechanism
ok
There is no remote ad-hoc download; installer steps use npm install / npm run build and OpenClaw's plugin install workflow. package-lock shows many transitive packages (likely brought in by the OpenClaw dependency), but all are from the npm registry; there are no suspicious URL/extract operations in the manifest.
Credentials
ok
The skill declares no required environment variables or credentials, and the code does not reference unexpected env vars or external credentials. It only writes to a configurable local storagePath.
Persistence & Privilege
ok
The skill's always flag is false and model invocation is allowed (platform default). The plugin stores its own SQLite file under the configured storagePath but does not request system-wide privileges or modify other skills' configs.