Plugin v1.0.2
ClawScan security
Higgsfield MCP · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign, Apr 29, 2026, 12:11 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The bundle appears to do exactly what it says, namely configure an OpenClaw connector to Higgsfield's remote MCP endpoint, and its files and instructions are proportionate to that purpose.
- Guidance: This bundle is coherent for connecting OpenClaw to Higgsfield. The main residual risk is that it runs 'npx mcp-remote@0.1.38', which downloads and executes code from the npm registry at runtime. That is expected for a stdio bridge, but it means you must trust both the mcp-remote package and Higgsfield. If you want extra caution: (1) review the mcp-remote package source (or vendor a vetted binary) before use, (2) run the connector in a restricted environment where possible, and (3) remember that image and video generation consumes your Higgsfield credits, and never paste account or session tokens into prompts or logs.
Review Dimensions
- Purpose & Capability
  - Status: ok
  - Name, description, and SKILL.md all describe a remote MCP connector to Higgsfield. The declared MCP endpoint (https://mcp.higgsfield.ai/mcp) and the use of an mcp-remote stdio bridge match the stated purpose; no unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
  - Status: ok
  - SKILL.md and README provide narrow, expected runtime instructions (install the plugin, enable it, restart the gateway, authenticate through Higgsfield). The skill does not instruct reading unrelated local files or environment variables, or exfiltrating data. It warns users about credit usage and sensitive tokens.
- Install Mechanism
  - Status: note
  - There is no separate install spec, but .mcp.json launches 'npx -y mcp-remote@0.1.38 https://mcp.higgsfield.ai/mcp' at runtime. That fetches and executes an npm package (mcp-remote@0.1.38), a common mechanism for connectors but one that runs third-party code from the npm registry. The package version is pinned (0.1.38), which prevents a silent upgrade to a newer release but does not by itself verify the package contents. If you require stricter controls, review the mcp-remote package source or vendor the binary instead.
- Credentials
  - Status: ok
  - The bundle requests no environment variables, no credentials, and no config paths. SKILL.md explicitly notes that authentication is via Higgsfield's connector flow rather than OpenClaw API keys, which is consistent and proportionate.
- Persistence & Privilege
  - Status: ok
  - The skill does not request always:true and is user-invocable. Installation steps ask to enable the plugin and restart the gateway (expected for connector plugins). It does not attempt to modify other skills' configuration or require a permanent elevated presence.
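The Guidance and Install Mechanism notes above both come down to one pre-flight check a reviewer can automate before enabling the plugin: confirm that the launch line in .mcp.json pins an exact mcp-remote version, points at the declared https endpoint, and passes no environment variables. The checker below is an added example written for this review, not code from the Higgsfield bundle or from ClawHub. It assumes the .mcp.json uses the common mcpServers -> server -> command/args layout (the review quotes only the launch line, not the file's field layout), and the names EXPECTED_PACKAGE, EXPECTED_HOST, check_server and check_mcp_json are mine; the sample config is constructed from the launch line quoted in the review.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample in the mcpServers -> server -> command/args layout.
# Whether the Higgsfield bundle's .mcp.json uses exactly this layout is an
# assumption; the launch line itself is the one quoted in the review above.
SAMPLE_MCP_JSON = """
{
  "mcpServers": {
    "higgsfield": {
      "command": "npx",
      "args": ["-y", "mcp-remote@0.1.38", "https://mcp.higgsfield.ai/mcp"]
    }
  }
}
"""

EXPECTED_PACKAGE = "mcp-remote"        # the stdio bridge named in the review
EXPECTED_HOST = "mcp.higgsfield.ai"    # the declared MCP endpoint host
# name@X.Y.Z only: rejects bare names, dist-tags (@latest) and ranges (@^0.1.38).
EXACT_PIN = re.compile(r"^(@?[^@]+)@(\d+\.\d+\.\d+)$")


def check_server(name, spec):
    """Return findings for one mcpServers entry; an empty list means it passed."""
    findings = []
    args = spec.get("args", [])
    if spec.get("command") != "npx":
        return [f"{name}: command {spec.get('command')!r} is not the expected npx bridge"]

    # Drop npx flags such as -y; what remains should be '<package> <url>'.
    positional = [a for a in args if not a.startswith("-")]
    if len(positional) < 2:
        return [f"{name}: expected '<package> <url>' after npx flags, got {args!r}"]
    pkg_spec, url = positional[0], positional[1]

    m = EXACT_PIN.match(pkg_spec)
    if not m:
        findings.append(f"{name}: package spec {pkg_spec!r} is not pinned to an exact version")
    elif m.group(1) != EXPECTED_PACKAGE:
        findings.append(f"{name}: package {m.group(1)!r} is not {EXPECTED_PACKAGE!r}")

    parts = urlsplit(url)
    if parts.scheme != "https":
        findings.append(f"{name}: endpoint {url!r} is not https")
    if parts.hostname != EXPECTED_HOST:
        findings.append(f"{name}: endpoint host {parts.hostname!r} is not {EXPECTED_HOST!r}")

    # The review states the bundle requests no environment variables, so any
    # env block handed to the bridge is something a reviewer should look at.
    for key in spec.get("env", {}):
        findings.append(f"{name}: unexpected env var {key!r} passed to the bridge")
    return findings


def check_mcp_json(text):
    """Run check_server over every entry; returns {server_name: [findings]}."""
    config = json.loads(text)
    return {n: check_server(n, s) for n, s in config.get("mcpServers", {}).items()}


if __name__ == "__main__":
    for server, findings in check_mcp_json(SAMPLE_MCP_JSON).items():
        print(f"{server}: {'ok' if not findings else 'review'}")
        for finding in findings:
            print("  -", finding)
```

Run it against the bundle's real .mcp.json by reading the file into check_mcp_json. An exact pin passes the version check but, as the Install Mechanism note says, still tells you nothing about the package contents; for that you would review or vendor mcp-remote@0.1.38 separately.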
