Plugin v0.2.0

ClawScan security

StablePay OpenClaw Plugin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 5, 2026, 1:18 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The plugin appears to implement the advertised StablePay wallet and signing flows, but there are notable inconsistencies and some instructions that require sensitive secrets and system changes that are not reflected in the declared metadata.
Guidance
This plugin mostly does what it says (client-side wallet, signing, DID registration, payment demo), but there are a few red flags you should consider before installing:
- Required secrets are not declared in the registry metadata. The SKILL.md and code require STABLEPAY_PLUGIN_MASTER_KEY (master key used to encrypt local private keys). If you set this, treat it like a high-value secret; do not reuse other important keys/passwords.
- Optional sensitive env vars (OWS passphrase, OWS REST API key) are used if you enable those runtimes. Only provide those to trusted services.
- The README instructs running sudo tee -a /etc/wsl.conf to change WSL mount options. That modifies a system file with elevated privileges; do not run such commands unless you understand and accept the change.
- package-lock.json contains many large dependencies (AWS SDKs, other SDKs) that are unexpected relative to the small dependency list in package.json. Review package.json and the lockfile locally before running npm install; consider running in an isolated environment or container.
- The plugin makes network calls to a configurable backendBaseUrl; by default this is localhost, but the code will accept absolute URLs. Verify any backend endpoint you configure is trusted and does not point to external services you don't control.
Recommended actions before installing:
1) Ask the author/maintainer to update registry metadata to list required env vars (STABLEPAY_PLUGIN_MASTER_KEY and any optional OWS secrets) and explain their use.
2) Inspect package.json and package-lock.json locally and, if you must build, do so in an isolated VM/container. Consider auditing or pinning dependencies.
3) Back up and review the encrypted local state location (default ~/.stablepay-openclaw). Understand how to revoke/rotate keys if compromised.
4) Avoid applying the /etc/wsl.conf change unless you understand WSL mount permission implications.
5) If you will provide OWS REST API keys or passphrases, confirm the remote service is trustworthy and that network endpoints are correct.
If you want, I can extract the exact places the code reads environment variables and list all network endpoints the code can call to help you decide what to trust.

Review Dimensions

Purpose & Capability
Status: note
Code and SKILL.md align with the described purpose (client-side wallet, signing, DID registration, payment flows). However, the registry metadata declares no required environment variables while the runtime and docs clearly require STABLEPAY_PLUGIN_MASTER_KEY (and optionally STABLEPAY_OWS_PASSPHRASE / STABLEPAY_OWS_REST_API_KEY). Also, package-lock contains many large dependencies (AWS SDK entries and other SDKs) that are not obvious from the plugin description or minimal package.json dependency list; this is unexpected and worth verifying.
Instruction Scope
Status: concern
Runtime instructions ask the operator to set a secret env var (STABLEPAY_PLUGIN_MASTER_KEY) and optionally OWS passphrases / API keys. The README also advises editing /etc/wsl.conf (sudo tee -a ...) to change mount options; that modifies a system config file and requires elevated privileges. The tools/scripts read/write an encrypted local state file under the user's home directory and will call local HTTP endpoints (defaults to 127.0.0.1 on various ports). No code appears to exfiltrate secrets by default, but the agent will perform network requests to a configurable backend URL (resolveTarget accepts absolute URLs). The SKILL.md is more prescriptive than the registry metadata about env and config access, which is an incoherence between the two.
Install Mechanism
Status: note
There is no install spec in the registry (instruction-only), but the package includes source and built JS (dist/) and a package-lock.json. The SKILL.md instructs running npm install / npm run build locally (which is normal for a plugin). The presence of a large package-lock with many AWS-related packages and other SDKs is unexpected given the small declared dependency list in package.json and should be reviewed before running npm install.
Credentials
Status: concern
The plugin requires a sensitive master key (STABLEPAY_PLUGIN_MASTER_KEY) to derive the AES-256-GCM key for the local encrypted keystore; this is appropriate for a client-side keystore, but the registry metadata incorrectly lists no required env vars. Additional optional secrets (OWS passphrase, OWS REST API key) are referenced in code/config. The mismatch between declared and actual required env vars is an incoherence and increases risk if users aren't warned. Several environment-variable names suggest high sensitivity (MASTER_KEY, PASSPHRASE, REST_API_KEY) and should be declared and handled carefully.
Persistence & Privilege
Status: ok
The plugin persists an encrypted local state file (~/.stablepay-openclaw/stablepay-local-state.enc) and creates policy files in a subdirectory; this is coherent with its purpose. It does not request always:true and does not appear to modify other plugins or system-wide agent settings automatically. The SKILL.md does suggest an optional manual change to /etc/wsl.conf (system-level), which is noteworthy but not performed automatically by the plugin.