Pluginv1.0.0

ClawScan security

openclaw power pack · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 27, 2026, 9:29 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The package mostly does what its name/description promise (install templates, helper scripts, and cron jobs), but there are a few inconsistencies and insecure practices (metadata mismatch, placeholder crontab entries, and advice to store credentials in plaintext) that warrant manual review before installing.
Guidance: Before installing, review these points and take precautions: - Confirm metadata: SKILL.json declares a Python installer (install.py) even though the registry summary indicated 'no install spec'. Expect the installer to run locally and write files and cron jobs. - Inspect the code: open install.py, uninstall.py, and the model-checker scripts to verify any network calls, endpoints, and exact cron payloads. If you plan to supply OPENROUTER_API_KEY or SMTP credentials, inspect the model-checker and scripts to ensure they only call trusted services. - Do NOT store secrets in workspace markdown: the templates/TOOLS.md suggests putting router passwords, SSH credentials, and API keys into a plain file. That is insecure — use a secure secrets mechanism (e.g., OS keyring, ~/.secrets with strict permissions, or a dedicated secrets manager) and never commit these files to version control. - Run installer in dry-run first: install.py appears to support non-destructive checks (or you can run it inside a disposable environment). Check the install log at ~/.openclaw/workspace/logs/openclaw-power-pack-install.log after a trial run. - Review placeholder crontab entries: some recommended user crontab entries reference wrapper scripts that may not be provided by this package. Do not add suggested user crontab entries until you verify the referenced scripts exist and are what you expect. - Check cron target: the installer uses a 'cron' CLI (cron status/list/remove). Confirm this 'cron' CLI maps to the OpenClaw gateway API and not an unrelated system tool on your system. - Backup: use the uninstaller's dry-run and backup features first to see what would be changed. Keep backups of MEMORY.md/TOOLS.md before installation. If you are comfortable after those checks, proceed; otherwise treat this package as needing manual vetting because of the noted inconsistencies and insecure guidance.

Review Dimensions

Purpose & Capability: noteThe skill's stated purpose (power pack of templates, cron patterns, and a model-checker) matches the files present: installer/uninstaller, many template docs, helper scripts, and a bundled model-checker subskill. However the registry summary above said 'No install spec / instruction-only', while SKILL.json includes a Python install entry (install.py). That metadata mismatch should be clarified. Overall, required capabilities (writing to ~/.openclaw, placing scripts in ~/.local/bin, creating cron jobs, and optionally installing model-checker) are coherent with the described purpose.
Instruction Scope: concernThe installer and docs will append or create files under ~/.openclaw/workspace and install scripts to ~/.local/bin, and will create OpenClaw-managed cron jobs via the 'cron' CLI. The templates/TOOLS.md explicitly encourages recording router credentials, API credentials, SSH passwords, and personal IDs in a workspace markdown file — which is insecure and beyond what a configuration pack should encourage. get_user_crontab_entries lists several placeholder wrapper scripts (e.g., security-scan-wrapper.py, anime-fetch-wrapper.py, watchdog-cos.sh) that are not obvious in the manifest; installing crontab entries pointing to missing/placeholder scripts could create confusion or silently fail. The instructions also refer to placing OPENROUTER_API_KEY in env or ~/.secrets — the installer itself doesn't require secrets but other bundled model-checker code likely interacts with external model registries and may perform network calls. Review the model-checker scripts for network behavior before providing API keys.
Install Mechanism: noteInstallation uses a local Python installer (install.py) bundled with the skill (declared in SKILL.json). This is a normal install mechanism for a Python-based pack and is lower risk than fetching code from arbitrary external URLs. No external downloads or shorteners are used in the declared installer. The earlier registry summary claiming 'No install spec' conflicts with the presence of an install entry in SKILL.json; that inconsistency should be resolved by the publisher.
Credentials: concernThe skill declares no required environment variables, which is consistent with install.py (installer itself doesn't require secrets). SKILL.md recommends optionally setting OPENROUTER_API_KEY and EMAIL_SMTP_* for functionality — those are proportionate to the stated features (model scanning, email notifications). However, templates/TOOLS.md encourages storing device/router/SSH passwords and API credentials inside a workspace markdown file (plaintext). That is disproportionate and insecure for a configuration pack: credentials should be kept in a secrets manager or restricted file, not appended into open workspace docs. No other unrelated credentials are requested.
Persistence & Privilege: okThe skill does not request always:true and is user-invocable; it will create persistent artifacts (cron jobs, scripts in ~/.local/bin, appended workspace documents) and can install another skill (model-checker) into the user's workspace. That level of persistence is expected for a configuration pack/installer. The uninstaller exists and appears to back up and remove installed components, which is appropriate.