Plugin v0.3.3

ClawScan security

StablePay OpenClaw Plugin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 10, 2026, 7:25 PM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The plugin's code and SKILL.md largely match its payment/signing purpose, but there is a clear mismatch between what the registry declares (no required env/credentials) and what the runtime actually requires and does — this inconsistency warrants caution before installing.
Guidance
This plugin appears to implement the payment and signing flows it advertises, but there are two things to check before installing: (1) registry metadata claims no required env vars while the SKILL.md and code require sensitive environment variables (STABLEPAY_PLUGIN_MASTER_KEY is required). Confirm the registry/manifest is updated or accept that you must provide these env vars. (2) The plugin can invoke the local 'ows' CLI and make HTTP requests to configurable endpoints (default localhost:28080 and the Solana RPC). Only run this plugin if you control or trust the configured backend and OWS runtime. Do not place private keys or production hotwallet private material into environment variables; STABLEPAY_FEE_PAYER_SOL should be only a public key. If you need higher assurance, review the repository source yourself (or run it in an isolated environment) and confirm the plugin's expected environment variables and endpoints before use.

Review Dimensions

Purpose & Capability: concern
Name/description match the included code: client-side wallet, DID registration, OWS signing, and payment flows. However, the registry metadata claims no required environment variables or credentials, while SKILL.md and the code clearly expect secrets (e.g., STABLEPAY_PLUGIN_MASTER_KEY, STABLEPAY_FEE_PAYER_SOL, STABLEPAY_OWS_REST_API_KEY). That metadata mismatch is an incoherence that should be resolved before trusting the skill.
Instruction Scope: ok
SKILL.md instructions and the code are scoped to local wallet management, interacting with a local api-gateway (default http://127.0.0.1:28080), building partial Solana transactions, and invoking OWS (SDK/CLI/REST) to sign messages/txs. The runtime reads/writes a local encrypted state file (~/.stablepay-openclaw), may spawn the 'ows' CLI, and can call the configured backend and Solana RPC endpoints. There are no instructions to read unrelated system files or exfiltrate arbitrary host data, but the plugin does accept configurable URLs and will perform HTTP requests to them if configured.
Install Mechanism: ok
No install spec / remote download was provided in the registry (instruction-only install). The package includes JS/TS source and bundled dist files, and there is no external archive/download step. Risk from installation is low in terms of remote code fetch, but the included code will run inside the agent runtime.
Credentials: concern
The code and SKILL.md expect several environment values (STABLEPAY_PLUGIN_MASTER_KEY for encrypting local state, STABLEPAY_FEE_PAYER_SOL public key for the fee payer, optional STABLEPAY_OWS_PASSPHRASE and STABLEPAY_OWS_REST_API_KEY). These are proportionate to the plugin's purpose, but the registry metadata claiming 'none' is inconsistent. Requesting a master key and (potentially) an API token for remote signing is sensitive; users must not place private keys or production hot-wallet private material into these env vars.
Persistence & Privilege: ok
The skill does persist an encrypted local state file under the user's home (~/.stablepay-openclaw) and creates policy files under that directory. 'always' is false and it does not modify other skills or system-wide settings. It spawns local 'ows' processes for signing when configured to do so, which is expected for the purpose.