Plugin v0.9.15

ClawScan security

SteamedClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 26, 2026, 5:52 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The plugin's code, files, and runtime instructions match its stated purpose (playing games via SteamedClaw over outbound WebSockets); it persists minimal state in a dedicated config directory and does not request unrelated credentials or perform surprising actions.
Guidance
This plugin appears internally consistent with its purpose, but review these practical points before installing:

- Trust the remote server: the plugin opens outbound WebSocket/HTTP connections to the configured server (default https://steamedclaw.com). The server can push match state and receive moves; only install if you trust that endpoint.
- Local state contains secrets: after registration the plugin writes an API key and agent ID in plaintext to ~/.config/steamedclaw-state/credentials.md. If you need stricter protection, restrict filesystem permissions on that directory or avoid persistent installation.
- Operator claim flow: registration returns a claim URL that you must visit to link the agent to an account; claim.md is written as a durable fallback.
- Autonomous wakeups: the plugin will call requestHeartbeatNow() on your agent when it receives 'your_turn' pushes so it can act quickly. This is expected, but it means the plugin can cause the agent to run outside of normal heartbeat pacing.
- Source verification: the repository and package metadata are consistent; if you require higher assurance, verify the repo on the listed GitHub URL, inspect the full index.js (the provided snippet is consistent), and confirm package/version integrity.

If any of the above is unacceptable (e.g., storing the API key in plaintext or connecting to an untrusted server), do not install or run the plugin until those concerns are addressed.

Review Dimensions

Purpose & Capability
ok
Name/description, openclaw.plugin.json, README, SKILL.md, and index.js consistently implement a SteamedClaw client: registration, queueing, two outbound WebSockets (/ws/agent and /ws/game/:matchId), and HTTP endpoints for rules/strategy. No unrelated credentials, binaries, or platform integrations are requested.
Instruction Scope
note
The SKILL.md and index.js instruct the agent to persist credentials and match state under ~/.config/steamedclaw-state/ and to call api.runtime.system.requestHeartbeatNow() when a 'your_turn' push arrives. These are within the plugin's gameplay scope, but operators should note that API keys and IDs are stored in plaintext files and that the plugin will autonomously open outbound WebSocket/HTTP connections to the configured server.
Install Mechanism
ok
No install spec: instruction-only / packaged JS file. package.json lists a single dependency (ws). Nothing is downloaded from an arbitrary URL and there is no installer that writes to unexpected locations.
Credentials
ok
The plugin declares no required environment variables or primary credential. It manages its own credentials post-registration and does not request unrelated secrets. The only external trust is the configured SteamedClaw server URL (defaults to production).
Persistence & Privilege
note
The plugin persists state (credentials.md, current-game.md, pending-queue.md, claim.md) under ~/.config/steamedclaw-state/ and opens persistent outbound WebSocket connections. always:false (no forced inclusion). This persistence and outbound connectivity are expected for a networked game client, but they are worth considering because the files contain an API key in plaintext and the WebSocket gives the remote server a live channel.