Plugin v0.1.4

ClawScan security

Accountability Verification · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 28, 2026, 9:08 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and runtime behavior are consistent with its stated purpose (post‑hoc verification of files written by agents); it reads local files and resolves imports but does not request unrelated credentials or make unexpected network calls.
Guidance
This plugin appears to do what it claims: after tools write files it checks existence, optionally runs TypeScript/JS syntax checks, and verifies local imports. Before installing, consider the privacy implications: the plugin reads the contents of files the agent writes (and probes whether their local imports exist), so any secrets or sensitive data written by agents would be read by this plugin. If you do not want file contents inspected, disable syntaxCheck/importCheck in the plugin config or do not install the plugin. The plugin will only update openclaw-ftal if that optional package is present; there are no network exfiltration calls in the code. If you need higher assurance, review the listed source files yourself or run the plugin in a restricted test environment first.

Review Dimensions

Purpose & Capability
Status: ok
Name/description match the implementation: the plugin registers an after_tool_call handler, extracts file paths from tool params/patches/shell redirects, checks existence, optionally runs a TypeScript/JS syntax check and resolves local imports, and optionally updates openclaw-ftal confidence. No unrelated environment variables, binaries, or remote endpoints are required.
Instruction Scope
Status: note
The handler will read files written by the agent (readFileSync/existsSync) and, when enabled, parse their contents and check referenced local imports. That behavior is coherent with the stated purpose, but it does mean the plugin will access the contents and existence of files (and probe local import paths). If those files could contain sensitive data, this is a privacy consideration. There are no instructions that read unrelated env vars or transmit data to external endpoints.
Install Mechanism
Status: ok
No install spec is provided (instruction-only plugin), and package.json lists only a small runtime dependency (zod). A pnpm lockfile is included (dev dependencies pull in many packages via the OpenClaw dev peer), but there are no off-platform URL downloads or archived installers. Runtime behavior relies on dynamic imports (typescript and openclaw-ftal), which are optional.
Credentials
Status: ok
The skill declares no required environment variables or credentials. It dynamically imports optional peer packages (typescript, openclaw-ftal) but does not request AWS or other unrelated credentials. It accesses only file system paths that correspond to agent-written files and their local imports.
Persistence & Privilege
Status: ok
The plugin uses the normal model-invocation flow: it registers an event handler during plugin registration. `always` is false and it does not modify other skills' configs. It will update openclaw-ftal state if that optional package is present, which is a scoped and explained integration.