Plugin v0.7.1
ClawScan security
TradeAlpha Open Platform · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 4:41 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The plugin's code and instructions largely match its stated purpose (fetching realtime news), but it reads a TradeAlphaToken environment variable that the registry metadata does not declare and will transmit that token to openapi.lxaa.top; the env handling and default-enabled setting merit caution.
- Guidance: This plugin appears to do what it says (run a local Node script that queries TradeAlpha realtime-news at openapi.lxaa.top), but you should be aware of two practical concerns before installing or enabling it:
  1. Environment variable mismatch: the package expects you to set TradeAlphaToken in your system environment, but the registry metadata did not declare this requirement. If you supply a token, it will be read from your environment and sent to openapi.lxaa.top. Only set this token if you trust that host and the API.
  2. Env exposure to subprocess: the plugin forwards a whitelist of environment variables (HOME, PATH, USER, LANG, TZ, TEMP/TMP, and TradeAlphaToken) to the child process. If you are worried about leaking local user or system info, review whether those env values are acceptable to expose.
  Recommended next steps:
  - Inspect the included scripts/get-realtime-news.js (present in the package): it is the code that will run, and it is not obfuscated.
  - Verify that you trust the domain openapi.lxaa.top (review its TLS certificate, its privacy/terms if available, and that it is the expected API provider).
  - Only set TradeAlphaToken in an environment you control for this purpose; consider using a scoped/read-only token if supported.
  - If you prefer explicit opt-in, disable the plugin after installation or avoid enabling it by default; confirm how your OpenClaw deployment treats enabledByDefault plugins.
  If you want, I can produce a short checklist or commands to safely test the plugin without providing a real token (e.g., run it locally with no token to view the error output).
Review Dimensions
- Purpose & Capability (note): The name/description describe a single realtime-news tool and the code implements exactly that (child-process invocation of a local script that POSTs to https://openapi.lxaa.top/api/v1/news/realtime_news). However, the registry metadata lists no required environment variables, while the code and SKILL.md both expect a system environment variable TradeAlphaToken; this mismatch should be corrected or justified.
- Instruction Scope (ok): SKILL.md describes the runtime behavior accurately: the plugin executes a local Node script via a child process, reads TradeAlphaToken from the environment, and sends news requests to openapi.lxaa.top. The runtime instructions do not ask the agent to read unrelated files or exfiltrate additional data beyond the declared behavior.
- Install Mechanism (ok): There is no external install spec (instruction-only with bundled JS files). No remote archives or third-party install steps are used; the plugin runs local Node code that is present in the package.
- Credentials (concern): The skill requires (in practice) a sensitive environment value, TradeAlphaToken, but the registry metadata did not declare any required env vars. The plugin's child process deliberately whitelists a set of environment variables (HOME, PATH, TMPDIR/TMP/TEMP, USER/LOGNAME, LANG/LC_ALL, TZ) plus TradeAlphaToken and forwards them to the script; passing HOME, PATH, USER, etc., to a subprocess can leak system context and may be broader than strictly necessary for fetching news. The plugin also sends the token in both the Authorization header and the POST body to openapi.lxaa.top; the user must trust that host.
- Persistence & Privilege (note): The skill's OpenClaw contract file sets enabledByDefault: true, meaning the plugin will be active by default when the package is loaded; the registry-level always flag is false (not forced across agents). This default-enabled behavior can make the tool available without an explicit opt-in; consider whether you want it enabled by default. The plugin does not modify other plugins or system-wide settings.
