Plugin v0.3.1
ClawScan security
Openclaw Stalwart Jmap Plugin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 3, 2026, 9:21 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The plugin's code, instructions, and manifest are consistent with a JMAP mail/calendar/contacts integration and request only the configuration credentials appropriate for that purpose.
- Guidance: This plugin appears to do exactly what it claims: provide JMAP tools for a Stalwart server. Before installing, ensure you trust the Stalwart server you will configure, and supply only mailbox credentials or an OAuth access token (do not paste admin/API management keys). Prefer installing the published package, or inspect the built dist/compiled code (dist/index.js) if you plan to install from source. If you restrict tools with tools.allow and want to allow this plugin, add only this plugin's id to the allow list. If you have low trust, run the smoke tests listed in SKILL.md against a disposable account first.
Review Dimensions
- Purpose & Capability: ok. Name/description, manifest, SKILL.md, and index.ts all implement a Stalwart JMAP client and register typed stalwart_* tools for mail, calendar, and contacts. Nothing in the repo asks for unrelated cloud credentials or system access.
- Instruction Scope: ok. SKILL.md confines runtime actions to installing/building the plugin, configuring OpenClaw plugin settings (sessionUrl/baseUrl and mailbox credentials or OAuth token), and calling the declared stalwart_* tools. It does not instruct reading arbitrary host files or environment variables, or sending data to unrelated external endpoints.
- Install Mechanism: note. There is no separate install spec in the registry entry; installation is via OpenClaw's plugin mechanisms / npm. The repo uses normal npm build/test scripts and contains a package-lock with many dev/dependency entries (some large dev libs, such as the AWS SDK and SDKs for model vendors, appear only as devDeps in the lockfile). There are no download-from-URL or extract steps and no unknown third-party URLs; this is typical for a Node plugin, but you may prefer installing the published package (or inspecting the built dist) rather than running unreviewed local code.
- Credentials: ok. The plugin requests credentials appropriate to JMAP (username/password or OAuth accessToken) via OpenClaw plugin config. The registry metadata lists no required env vars and no unrelated secrets. SKILL.md explicitly warns not to use Stalwart admin/API tokens for JMAP.
- Persistence & Privilege: ok. The skill is user-invocable, not always-enabled, and does not request elevated platform privileges or the ability to modify other skills. It exposes read/write tools as expected for an email/calendar plugin.
