Plugin v0.3.2

ClawScan security

OpenClaw SeaTalk channel plugin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 11:59 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The package appears to do exactly what it claims (a SeaTalk channel plugin): it requires SeaTalk credentials, runs a webhook or relay client, interacts with openapi.seatalk.io, and the code and docs are consistent with that purpose; the only minor mismatch is the registry metadata not listing the environment variables the plugin actually reads.
Guidance
This plugin appears to be a legitimate SeaTalk channel integration. Before installing: (1) Be prepared to supply SeaTalk credentials (App ID, App Secret, Signing Secret) — the README and code use environment variables SEATALK_APP_ID, SEATALK_APP_SECRET, SEATALK_SIGNING_SECRET even though the registry metadata doesn't list them. (2) Decide whether to run in webhook mode (exposes an HTTP endpoint/port) or relay mode (opens an outbound WebSocket to a relay); ensure network/firewall settings match your security policy. (3) Review DM and group policies (dmPolicy, groupPolicy) to avoid exposing the bot to unsolicited messages — consider allowlist or pairing rather than open. (4) The plugin will download inbound media from configured hosts and cache tokens locally; run it on a trusted host and store credentials securely. (5) If you need higher assurance, review the full source (included) and confirm the npm package comes from the expected GitHub repository before installing.

Review Dimensions

Purpose & Capability
Note: The plugin name/description, README, SKILL.md and source files consistently implement a SeaTalk channel integration that needs App ID, App Secret and Signing Secret and network access to openapi.seatalk.io. However, the registry metadata reports "Required env vars: none" and "Primary credential: none", which is inconsistent with the plugin's documented/implemented credential requirements (SEATALK_APP_ID, SEATALK_APP_SECRET, SEATALK_SIGNING_SECRET). This is likely an omission in metadata rather than malicious.
Instruction Scope
OK: SKILL.md and README focus on SeaTalk integration: configuring credentials, choosing webhook vs relay modes, setting policies, and onboarding. The runtime instructions and code reference OpenClaw config (~/.openclaw/openclaw.json) and environment variables for credentials — both expected for a channel plugin. No instructions request unrelated files, broad system scanning, or exfiltration to unexpected endpoints.
Install Mechanism
OK: There is no special installer in the registry (installation is via standard npm or local linking). The package includes a normal package.json and dependencies (ws, typebox, zod). No downloads from arbitrary URLs, no extracted archives from untrusted hosts, and the repo points to GitHub. This is proportional for a plugin with compiled TypeScript source loaded by OpenClaw.
Credentials
Note: The code legitimately requires SeaTalk credentials (appId, appSecret, signingSecret) and will use them to obtain and cache access tokens and to download media from SeaTalk endpoints. Those credentials are appropriate for the stated purpose. The only issue is the package registry metadata did not declare required env vars; the README and code clearly document and read SEATALK_APP_ID, SEATALK_APP_SECRET, and SEATALK_SIGNING_SECRET.
Persistence & Privilege
OK: The plugin does not request always:true and uses normal OpenClaw plugin lifecycle semantics. It may start a webhook HTTP server or a WebSocket relay client (expected for a messaging channel), cache tokens, and send messages as the bot — all consistent with its role. It does not attempt to modify other plugins' configs or request system-wide privileges.