Back to plugin
Pluginv0.1.0
ClawScan security
Loom · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 9, 2026, 8:00 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The plugin is internally consistent with its stated purpose: it is a thin OpenClaw integration that talks to a Loom Python backend on a configurable URL (default localhost) and exposes memory tools/commands; nothing in the code or instructions requests unrelated credentials or hidden endpoints.
- Guidance
- This plugin appears to do what it claims: integrate OpenClaw with a Loom backend running on a configurable HTTP URL (default http://localhost:8666). Before installing, consider these points: - Run Loom locally and confirm it's listening on localhost; keep the backend behind localhost or a firewall if you don't want it exposed. The plugin talks over HTTP to the configured loomBaseUrl, so avoid pointing it at public/unknown endpoints. - Loom (the Python backend) needs an LLM API key (OpenAI/OpenRouter/etc.). Keep those keys in the Loom backend config files (configs/loom.yaml or .env) and do not paste them into third-party services. The plugin itself does not request API keys. - The SKILL.md recommends running installers (pip install -e ., and a curl | bash for OpenClaw). Inspect any remote install script before running it. Prefer installing OpenClaw from trusted package sources or via package manager if you are unsure. - The SKILL.md includes an 'AI-Assisted Setup' option that instructs an agent to fetch and run the upstream setup guide; only allow an agent to run commands if you trust it and have reviewed the commands it will execute. - The repository includes a large package-lock.json with many SDKs that are not present in package.json; treat that as a red flag to inspect (it may be an extraneous lockfile). If you run npm operations, prefer npm ci with a vetted lockfile or avoid running npm install in untrusted repos. If you want extra assurance: run the plugin in a test environment first, inspect openclaw.plugin.json and index.ts (already done here — nothing suspicious), and verify Loom backend logs while exercising slash commands (status, inspect, recall) to confirm endpoints and behavior.
Review Dimensions
- Purpose & Capability
- okName/description, SKILL.md, and source code align: the TypeScript plugin registers a Context Engine, agent tools, and slash commands and calls a Loom FastAPI backend via HTTP endpoints. The plugin does not request unrelated system credentials or binaries.
- Instruction Scope
- noteRuntime instructions ask you to install and run the Loom Python backend (pip install -e .; loom init; loom serve) and to configure the Loom backend's LLM API key and base_url. The guide also suggests running a one‑line installer (curl | bash) for OpenClaw and includes an 'AI-Assisted Setup' prompt that asks an agent to fetch and execute the upstream setup guide. These steps are appropriate for setting up Loom but give an installer or agent broad discretion to run system commands — exercise usual caution before running remote install scripts or permitting an agent to perform installs.
- Install Mechanism
- okThis is instruction-first and includes no automated install spec. The plugin's npm/package.json is minimal (single runtime dependency). No downloaded archives or obscure URLs are invoked by the plugin itself. The SKILL.md does reference external installers (OpenClaw one‑liner) which are standard but merit user review before execution.
- Credentials
- noteThe plugin declares no required env vars and the code uses optional LOOM_* environment variables for configuration. The SKILL.md correctly instructs placing LLM API keys in the Loom backend config (loom.yaml or .env) — that is reasonable because the Python service needs a provider API key. One minor oddity: the included package-lock.json contains many large SDKs (AWS, Anthropic, etc.) that the package.json does not depend on; this may be a leftover/bundled lockfile and is disproportionate to the plugin's runtime needs. Recommend reviewing package-lock.json before running npm installs.
- Persistence & Privilege
- okThe plugin doesn't request always: true and doesn't modify other plugins or system-level configs. It registers tools and slash commands (expected) and can be invoked autonomously by the agent (platform default). The plugin's persistence model delegates storage to the Loom backend; the plugin itself does not persist secrets or alter other skills' configs.