Plugin v1.0.0

ClawScan security

olostep · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 11, 2026, 9:10 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's docs and runtime instructions clearly require an Olostep API key and ask the agent to read/write project files and agent config, but the package metadata does not declare those environment/config requirements — that mismatch is concerning and should be clarified before installing or granting access.
Guidance
This package advertises a web-scraping and integration toolkit that expects an Olostep API key and instructs the agent to read and modify project files and your OpenClaw config — but the registry metadata does not declare that key or those config paths. Before installing or enabling the skill: (1) verify the upstream packages (npm 'olostep', 'olostep-mcp' and Python 'olostep') on their official registries and review their code and privacy/terms; (2) be cautious about giving the agent permission to read/write your repo (.env, package.json, source files) — run integration steps manually in an isolated test repo first; (3) if you must provide an API key, prefer a scoped/test key and avoid using high-privilege production credentials; (4) consider running the MCP server in an isolated environment (separate process/container) and review network endpoints contacted (api.olostep.com); and (5) ask the publisher to correct the package metadata to declare OLOSTEP_API_KEY and any required config paths so the security implications are explicit.

Review Dimensions

Purpose & Capability
note: The declared capabilities (scrape, crawl, batch, answers, integrate) legitimately require network access and an Olostep API key and may need access to a user's repo to integrate SDKs — the capabilities themselves are coherent with the described features. However, the package metadata lists no required env vars or config paths even though the SKILL.md and mcp.json show OLOSTEP_API_KEY and instructions to add an MCP server to OpenClaw; that's an inconsistency.
Instruction Scope
concern: SKILL.md (especially skills/integrate/SKILL.md) instructs the agent to: inspect the user's project files (package.json, pyproject.toml, requirements.txt, .env), modify or create a .env, write integration code, and (in the top-level docs) add an MCP server entry to OpenClaw config. Those are legitimate for an integration flow but touch arbitrary project files and agent config — and the metadata does not declare this file access. The instructions also direct network calls to api.olostep.com and to install packages (npm/pip) which will execute external code if the user follows them.
Install Mechanism
ok: There is no automated install spec bundled with the registry entry (instruction-only). That lowers installer risk because nothing arbitrary is automatically downloaded by the skill itself. However, SKILL.md recommends installing third-party packages (npm/pip) and adding an MCP server that will run 'npx olostep-mcp' — those are external installs the user would perform, so review of the referenced upstream packages (npm/pypi) is recommended.
Credentials
concern: The skill repeatedly references OLOSTEP_API_KEY (mcp.json, SKILL.md examples, SDK usage, and CI workflows) and the integrate skill instructs storing an API key in the project's .env. Yet the registry metadata claims 'Required env vars: none' and 'Primary credential: none'. This mismatch is the primary red flag: the skill will be nonfunctional without that secret, and the metadata fails to disclose it. Tests and CI also reference a secret (GitHub workflow uses secrets.OLOSTEP_API_KEY), showing that live API credentials are expected for full functionality.
Persistence & Privilege
note: always:false and model invocation is enabled (normal). The skill asks users to add an MCP server entry to their OpenClaw configuration and to store an API key in a .env file — these are persistent changes the user must approve explicitly. The skill does not request forced always-on or elevated platform-wide privileges in the registry metadata, but the SKILL.md's recommended config edits mean the user should be deliberate when applying them.