Plugin v0.0.2

ClawScan security

Primeta Channel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 20, 2026, 1:59 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The plugin's code and runtime instructions align with its stated purpose (bridging Primeta avatar UI to a local OpenClaw agent); requested credentials and actions are proportional and expected for that functionality.
Guidance
This plugin appears to do exactly what it says: connect your OpenClaw agent to Primeta's avatar UI using a Primeta API token. Before installing: 1) Ensure you trust primeta.ai (you will give an API token that the plugin writes into ~/.openclaw/openclaw.json in plaintext). 2) Review the SKILL.md raw file for any unexpected hidden characters (the pre-scan found Unicode control chars, likely from embedded images). 3) Remember the plugin opens an outbound WebSocket to the configured Primeta server and exposes a local /primeta endpoint (SSE) for clients; if you enable the endpoint, follow your normal local network security practices. If you are comfortable storing the token locally and trust Primeta, the package is coherent and reasonable to install.
Findings
[unicode-control-chars] unexpected: The regex-based pre-scan detected Unicode control characters in SKILL.md content. This is likely from embedded binary assets (GIF/image) or stray hidden characters rather than an active prompt-injection payload, but you should preview the SKILL.md raw text (or remove binary embeds) before trusting it. No other suspicious patterns were flagged.

Review Dimensions

Purpose & Capability
Status: ok. Name/description match the actual implementation: the package registers an OpenClaw channel, dials out to a Primeta server over WebSocket using a Primeta API token, routes inbound chat frames into the agent, and exposes a local /primeta HTTP+SSE surface. The setup helper merges a Primeta block into ~/.openclaw/openclaw.json. All required capabilities (apiKey, serverUrl, bridgeName) are coherent with the declared purpose.
Instruction Scope
Status: note. SKILL.md and runtime code only describe actions relevant to bridging the avatar UI (opening a WebSocket to Primeta, injecting persona system prompts, dispatching turns, and adding a local /primeta endpoint). A pre-scan flagged unicode-control-chars in the SKILL.md content (see scan_findings_in_context). This is likely an artifact from included binary image/GIF content or hidden characters but should be inspected. The guide instructs writing the Primeta API token into ~/.openclaw/openclaw.json (expected for a channel); users should be aware this stores a secret in plaintext in their local OpenClaw config.
Install Mechanism
Status: ok. No external download/extract install spec is present in the metadata (instruction-only). The package contains compiled JS files and assets (bundled with the plugin). There are no obscure remote installers or short URLs in the metadata. Installation is expected to proceed via the OpenClaw plugin mechanism (e.g., clawhub) or the provided CLI; nothing in the provided files indicates a high-risk install method.
Credentials
Status: note. The plugin does not request unrelated credentials. It accepts a Primeta API token (via --token or the PRIMETA_API_KEY fallback), which is appropriate for authenticating to primeta.ai. However, the setup writes that token into ~/.openclaw/openclaw.json (plaintext). This credential access is proportional to the purpose but is sensitive: users should only provide a token they trust Primeta with and be aware of the local storage.
Persistence & Privilege
Status: ok. The skill does not request force-inclusion (always: false) or system-wide privileges. It registers a channel and an HTTP route within the OpenClaw runtime and writes its own channel block into the user's OpenClaw config when the user runs the init command; this behavior is expected for a plugin. It does not attempt to modify other plugins or global agent settings beyond adding its own channel entry.