Plugin v0.1.0

ClawScan security

Deep Research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 28, 2026, 11:50 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The plugin's code and instructions match its stated purpose (local research workspace) but there is an important mismatch in its metadata that could give it broader privilege than expected.
Guidance
This plugin appears to do what it says: provide local research workspaces persisted to a JSON file. Before installing, check two things: (1) confirm which 'always' setting the platform will honor — the SKILL.md contains metadata setting always:true while the registry lists always:false; always:true would force-enable the plugin in every agent run and increases risk. (2) Verify the storage path (~/.openclaw/state/...) is acceptable for your environment and that sensitive notes are stored appropriately (consider file permissions or encrypting sensitive research). Also confirm you trust the plugin author and repository (it installs locally via npm build) since the plugin will write and read files under your home directory. If you need greater assurance, inspect the resolveStoragePath function (truncated in the provided bundle) to confirm it expands and restricts paths safely and does not allow unexpected filesystem locations.

Review Dimensions

Purpose & Capability
ok: Name, description, and registered tools align with the code: the plugin implements local research sessions, resource capture, and synthesis persisted to a JSON file. Declared dependencies (@sinclair/typebox, openclaw) and the files included are appropriate for this functionality.
Instruction Scope
note: SKILL.md instructs normal build/install steps and to use web_search for gathering evidence. It tells the plugin to persist data to a JSON file under the user's home (~/.openclaw/state/deep-research/research.json) which is consistent with the stated purpose. However, the skills/deep-research/SKILL.md front-matter includes metadata {"openclaw":{"always":true}} which expands the plugin's runtime scope (force-enabled everywhere) and conflicts with the registry-level flag (always: false).
Install Mechanism
ok: No remote download or extraction steps. The SKILL.md uses standard npm build/install and the package is installed locally via openclaw plugins install; this is low risk and expected for an OpenClaw plugin.
Credentials
ok: The plugin requests no environment variables, no credentials, and accesses only a local storage path for persisting research state. There are no other declared secrets or unrelated service credentials.
Persistence & Privilege
concern: The SKILL.md includes metadata that sets always:true (force-enable the plugin), while the registry metadata shows always:false. If the platform honors the SKILL.md metadata, the plugin would be force-included in all agents, increasing its blast radius even though it only stores local JSON. Always:true combined with autonomous invocation (standard) is a notable privilege escalation and should be confirmed before enabling.