Plugin v0.5.2

ClawScan security

OpenClaw Swarm Layer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 28, 2026, 6:04 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill’s code, README, and runtime instructions are consistent with a spec-driven OpenClaw plugin that reads/writes project state and controls an ACP-backed autopilot; nothing requested is disproportionate or inconsistent with that purpose.
Guidance
This skill appears to be what it claims: a local OpenClaw plugin that builds task graphs, persists session and autopilot state, and dispatches runs via the platform's ACP runner. Before installing: (1) review package.json and the dependency tree (npm audit) to ensure third-party modules are acceptable; (2) confirm where OpenClaw supplies ACP/control-plane credentials (so you understand what the plugin can request/dispatch); (3) install first in a non-production or sandbox project and inspect the plugin-created files under your project directory to verify no unexpected paths are written; (4) if you plan to enable the autopilot service loop, review the autopilot/review policy configuration to ensure auto-approval/deny-tag rules match your safety posture; (5) if you want stronger assurance, run the unit/e2e tests included in the repo and perform a code review of any modules that make network calls or spawn processes. Overall, the package is internally coherent with its stated purpose.

Review Dimensions

Purpose & Capability
ok · Name/description, CLI commands, and included source files all describe a workflow/orchestration plugin for OpenClaw (autopilot, session management, review gates, reporting). The included files implement the features claimed; there are no unrelated credentials, binaries, or surprising external services requested in the metadata.
Instruction Scope
note · SKILL.md and the code operate on a user-provided --project path and on plugin-managed state/log files (saveState, appendDecision, session stores, etc.). This is expected for a workflow plugin, but users should expect the skill to read and write files under the project directory and to interact with the platform's ACP control plane. No instructions ask for unrelated system-wide data or secrets.
Install Mechanism
ok · No special install spec is embedded; installation is via normal package channels (openclaw plugins, npm, or local install). The package contains source and package.json; there are no downloads from ad-hoc URLs or extract-from-unknown-host steps in the SKILL.md.
Credentials
ok · The skill declares no required environment variables or credentials. Its interactions with ACP/control-plane appear to rely on OpenClaw runtime configuration rather than asking for new secrets. That is proportionate to its purpose, but you should confirm how your OpenClaw host provides ACP access (tokens/agent permissions) before enabling autopilot features.
Persistence & Privilege
ok · always:false and user-invocable:true. The plugin can start a service loop that periodically runs ticks and persists state under the project; that is expected for an autopilot plugin. It does not request global/always-on privilege or change other skills' configs.