Plugin v1.0.11

ClawScan security

RAGFlow Kit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Scanned: Apr 29, 2026, 11:37 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The plugin's code and runtime instructions match its stated purpose: it reads the OpenClaw configuration for a RAGFlow api_url + api_key, and only performs search/upload/delete calls against that RAGFlow server; nothing requested or installed appears disproportionate.
Guidance
This plugin appears coherent and does what it says: it needs you to set ragflow.api_url and ragflow.api_key in your openclaw.json. Before installing, verify that api_url points to a trusted RAGFlow server and that you are comfortable storing the API key in openclaw.json (plaintext). Review the included source (dist/ and src/) if you want to confirm behavior yourself. Configure per-agent and team permissions carefully so agents only access intended knowledge bases. If you prefer not to store secrets in the OpenClaw config, consider alternatives (e.g., storing keys in a secret manager) or modifying the plugin to read credentials from a protected location.

Review Dimensions

Purpose & Capability
Status: ok
Name/description (RAGFlow knowledge-base search, upload, delete) match the code and README. The plugin requires an api_url and api_key in the OpenClaw config (not environment variables), and all network calls go to the configured RAGFlow endpoints. There are no unrelated credentials or binaries requested.
Instruction Scope
Status: note
SKILL.md and code instruct the agent to read OpenClaw's config file (openclaw.json) for ragflow-kit settings and to hot-reload on each call. Reading the OpenClaw config is expected for a plugin, but note the plugin reads the full openclaw.json (then extracts its own entry) and relies on process.env.OPENCLAW_HOME/HOME to locate it.
Install Mechanism
Status: ok
No install spec is provided in the registry (instruction-only), and no remote downloads or extract/install steps are defined. The bundle includes source + dist files (so you can inspect code locally). No high-risk install URLs or archive extraction steps are present.
Credentials
Status: ok
The plugin requires a RAGFlow api_url and api_key (declared in the README/config file). It does not request unrelated environment credentials. It does use OPENCLAW_HOME/HOME to find openclaw.json, which is normal, but the README and package metadata do not declare an env-var primary credential — configuration is stored in openclaw.json rather than environment variables.
Persistence & Privilege
Status: ok
The plugin is not set always:true and uses the normal tool registration model. It hot-reloads its own configuration and resets an internal KB cache when config changes; it does not modify other plugins or system-wide agent settings.