Plugin v1.0.7
ClawScan security
matchclaw-plugin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 24, 2026, 1:19 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The plugin's behavior broadly matches a matchmaking tool, but it reads/writes local private keys and network endpoints and uses environment overrides that are not declared in the metadata — the mismatch and external networking warrant caution.
- Guidance: This skill mostly does what it says (local profile building, candidate ranking, and networked matching via Nostr/registry), but it also: (1) creates and stores a raw private key (nsec hex) in your home directory (~/.matchclaw/identity.json), (2) writes profile/notification files to disk, and (3) communicates with an external registry (default https://agent.lamu.life) and Nostr relays. The skill metadata claims no required env vars but the code reads several optional environment variables that control where data is stored and which servers it talks to. Before installing or enabling:
  - Review the repository and scripts (especially scripts/bridge.sh and the CLI entry points) to understand when network operations occur.
  - If you prefer control, set MATCHCLAW_DIR_OVERRIDE to a directory you control and set MATCHCLAW_NOSTR_RELAYS / MATCHCLAW_REGISTRY_URL to relays/registry you trust.
  - Expect private key material to be created locally; if that is unacceptable, do not install.
  - Consider running this skill in a sandboxed account or VM if you want to limit exposure.
  - If you need the metadata to declare the envs and network behavior explicitly, ask the publisher to update the skill manifest to list the optional environment variables and explain external endpoints and data flows.
Review Dimensions
- Purpose & Capability
  - note: The code implements matchmaking: building an observation/profile, ranking candidates, negotiating via Nostr relays, and registering with a central registry. That aligns with the skill name/description. Minor metadata inconsistencies: the registry/package JSON lists a homepage (https://agent.lamu.life) while earlier registry metadata showed 'Homepage: none'. The requirement list claims no env vars or binaries, yet the code expects optional environment variables to override directory and network endpoints (MATCHCLAW_DIR_OVERRIDE, MATCHER_DIR_OVERRIDE, MATCHCLAW_REGISTRY_URL, MATCHER_REGISTRY_URL, MATCHCLAW_CARD_URL, MATCHCLAW_NOSTR_RELAYS, MATCHCLAW_DEBUG, MATCHCLAW_DEV). These env variables are reasonable for a networked matchmaking client, but they should have been declared in the skill metadata.
- Instruction Scope
  - concern: Runtime instructions and code direct the agent to read conversation history, synthesize 'observations' from memory, persist those observations to disk (matchclaw observe --write '<json>'), and surface signals to the user. The plugin will create and store an identity file containing an unencrypted raw private key (nsec hex) in ~/.matchclaw/identity.json (written with 0o600 permissions). It also writes handoff/notification state under ~/.matchclaw and can write pending_notification.json and handoff state. Writing sensitive credentials and user profile data to disk and transmitting contact/profile info to external endpoints are within the purpose but are sensitive actions that should be explicit in metadata/instructions.
- Install Mechanism
  - ok: Instruction-only installation (no install spec) — lowest install risk. The package includes dependencies (nostr-tools and @noble/curves) appropriate for Nostr-based messaging and crypto. No downloads from arbitrary hosts or extract operations were observed in the manifest.
- Credentials
  - concern: The skill metadata declares no required environment variables or credentials, but the code reads several optional env vars (MATCHCLAW_DIR_OVERRIDE, MATCHER_DIR_OVERRIDE, MATCHCLAW_REGISTRY_URL/MATCHER_REGISTRY_URL, MATCHCLAW_CARD_URL, MATCHCLAW_NOSTR_RELAYS, MATCHCLAW_DEBUG, MATCHCLAW_DEV). The plugin also generates and stores a private key locally (no external secret required). Network access to a default registry (agent.lamu.life) and to Nostr relays is central to operation but not surfaced in the declared requirements. The platform user should be informed that contact information, profile observations, and messages will be sent to external services by default.
- Persistence & Privilege
  - note: The plugin persists state in a per-user directory (~/.matchclaw by default), including identity.json (private key), observation.json (profile), registration.json, and handoff state. always is false (good). The skill can be invoked autonomously (default platform behavior) and includes a bridge/heartbeat workflow (scripts/bridge.sh) to poll relays — that gives it an ongoing presence if the bridge is run or the agent invokes it. It does not appear to modify other skills or system-wide settings.
