Plugin v0.1.0-test.0
ClawScan security
Newsdance OpenClaw Plugin Test · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 4:11 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The plugin mostly does what it says (accepts Newsdance webhooks and forwards them via an OpenClaw delivery target), but there are inconsistencies around its runtime dependencies and configuration that you should review before installing.
- Guidance
- This plugin's behaviour is coherent with its description but check three things before installing: (1) Ensure the OpenClaw CLI ('openclaw') is present on the host or explicitly set a safe openclawBinary in the plugin config — do not point it at arbitrary system binaries. (2) Provide the webhook secret securely (the plugin references an env var id in examples); the registry metadata did not declare required env vars — confirm how you will supply the secret. (3) Review and limit who can configure the plugin (path and binary) because the plugin executes a local command with the message content; a misconfigured binary path could be abused. If you need higher assurance, ask the maintainer to (a) declare the required binary in the package metadata, (b) document expected env var names, and (c) restrict openclawBinary to a safe default or validate it on startup.
Review Dimensions
- Purpose & Capability
- note: The code implements the described behaviour (HTTP route, payload validation, formatting, and sending via an OpenClaw CLI). However, the skill invokes an external 'openclaw' binary (or whatever path is set in the plugin config). The package/registry metadata did not declare any required binary dependency even though the runtime needs an executable — this is an incoherence the maintainer should clarify.
- Instruction Scope
- ok: SKILL.md and README describe only webhook handling and delivery. The implementation stays inside that scope: it reads the request body, validates a bearer secret, formats a message, and invokes a delivery client. One caveat: the plugin runs a local command (openclaw) to deliver messages; the path is configurable in plugin config, which could allow executing a different binary if misconfigured.
- Install Mechanism
- ok: No install spec — instruction-only at install time — and provided code is packaged in dist/. Nothing is downloaded or written during installation by the registry metadata. This is lower risk from an installation mechanism perspective.
- Credentials
- note: The plugin requires a webhook secret (either literal or referenced from env). SKILL.md suggests an env var id (NEWSDANCE_OPENCLAW_PLUGIN_SECRET), but the registry metadata lists no required environment variables. That mismatch should be clarified. Also, the plugin config allows specifying an openclawBinary path — potentially sensitive if set to an unexpected program.
- Persistence & Privilege
- ok: The plugin does not request always: true and does not modify other skills or system-wide configuration. It can be invoked autonomously by the agent (default), which is expected for plugins; combine that with the ability to run a configured local binary when evaluating risk.
