Plugin v0.0.6
ClawScan security
Vibe Dot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 6, 2026, 9:54 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The plugin's code, README, and runtime instructions are consistent: it opens an SSE connection to a documented relay URL using a channel token and optionally posts agent replies to a user-provided Slack webhook.
- Guidance: This plugin is coherent with its description: it opens an SSE connection to the documented relay (https://demo-dot-relay.vibeus.workers.dev/dot-messages) using the token you provide in OpenClaw config, and will forward agent replies only if you supply a Slack webhook URL. Before enabling: (1) confirm you trust the SSE relay (the plugin sends your bearer token to that endpoint to authenticate the stream), (2) be careful when supplying a Slack webhook because agent replies will be posted to that destination (don’t use a webhook you don’t control), and (3) note that developer-local files (.claude/settings.local.json) contain dev-time helper commands referencing local paths — these are not executed at runtime but indicate developer testing setup. If you trust the relay and control the webhook, the plugin appears to do what it says.
Review Dimensions
- Purpose & Capability: ok. Name/description (Vibe Dot SSE inbound channel) matches the code and SKILL.md. The plugin requires a bearer token (stored in OpenClaw config, not an environment variable) to connect to the SSE relay and optionally a Slack webhook to forward replies. Nothing requested by the plugin is unrelated to receiving transcriptions or forwarding replies.
- Instruction Scope: ok. SKILL.md and the source instruct only: configure the channel token and optional Slack webhook, and the plugin will open an SSE connection and deliver transcriptions into OpenClaw. The code only reads the configured channel settings, opens fetch() to the documented relay URL, parses SSE events, dispatches inbound DMs, and (only if configured) POSTs replies to the provided Slack webhook. There are no instructions to read unrelated files, environment variables, or hidden endpoints.
- Install Mechanism: ok. This is an instruction-only plugin (no install spec). The repository contains source and tests, but nothing in the manifest attempts to download or execute arbitrary remote installers. The bundle's dev/test lockfile contains many transitive packages (normal for JS projects), but the plugin itself uses the OpenClaw SDK; no uncommon or untrusted installation URLs are present.
- Credentials: ok. No environment variables or secrets are required by the registry metadata. The plugin requires a channel token and an optional Slack webhook, but those are provided via OpenClaw configuration (openclaw.json) and are documented in SKILL.md. The amount and type of credentials requested are proportional to the described functionality.
- Persistence & Privilege: ok. The skill is not force-included (always: false) and uses normal plugin runtime behavior. It does not modify other skills or system-wide configs. Allowing autonomous invocation is the platform default and is not accompanied by other concerning privileges.
