registry  /  @clawhive/openclaw-plugin  /  0.2.3

@clawhive/openclaw-plugin@0.2.3

ClawHive channel plugin for OpenClaw

AI Security Review

scanned 11d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a ClawHive/OpenClaw channel plugin that connects to Supabase after user authorization, syncs agent metadata, handles user messages, and can apply approved market install manifests into agent workspaces.

Static reason
One or more suspicious static signals were detected.
Trigger
OpenClaw gateway_start or explicit openclaw clawhive CLI commands after plugin installation/configuration.
Impact
Authorized ClawHive users can route messages to local OpenClaw agents and install approved agent workspace files; no hidden install-time execution or unconsented persistence was found.
Mechanism
package-aligned cloud channel, authorization, realtime messaging, and approved agent install workflow
Rationale
The suspicious primitives are consistent with the declared OpenClaw cloud-channel plugin: network access is Supabase API traffic, config writes store authorization/registration state, and agent workspace writes occur only in an approved install-job path with path containment checks. The embedded JWT is a Supabase anon key, not a private credential, and there is no install-time execution or unrelated data harvesting.
Evidence
package.jsondist/index.jsdist/src/defaults.jsdist/src/config.jsdist/src/authorization.jsdist/src/client.jsdist/src/inbound.jsdist/src/agents.jsdist/src/market-install/executor.jsopenclaw.plugin.jsonOpenClaw config via api.runtime.config.writeConfigFileagent workspace files from approved manifest via api.runtime.agent.resolveAgentWorkspaceDir
Network endpoints9
idqnatwcrdxdzgcxtwdr.supabase.co/functions/v1/plugin-device-code-start/functions/v1/plugin-device-code-exchange/functions/v1/plugin-register/functions/v1/plugin-heartbeat/functions/v1/plugin-message-write/functions/v1/plugin-agents-sync/functions/v1/market-install-claim/functions/v1/market-install-manifest

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/src/market-install/executor.js writes approved manifest workspaceFiles into local agent workspaces after a claimed install job.
  • dist/src/inbound.js dispatches cloud user messages into local OpenClaw agents via runEmbeddedPiAgent.
  • dist/src/defaults.js embeds a Supabase anon JWT, but it is used as a public anon key.
Evidence against
  • package.json has no install/postinstall lifecycle hook; prepack/prepublishOnly are publish-time build/check scripts.
  • dist/index.js starts only as an OpenClaw gateway plugin and skips runtime when no pluginToken is configured.
  • dist/src/authorization.js requires explicit openclaw clawhive authorize flow before storing pluginToken/userId.
  • dist/src/client.js network calls are to configured Supabase functions for plugin registration, heartbeat, messages, pairing, market install, and panel turns.
  • dist/src/market-install/executor.js validates claimed release id/fingerprint/sourceRef and prevents workspace path traversal before writes.
  • No child_process, eval/vm/Function, native binary loading, credential harvesting, or unrelated exfiltration found.
Behavioral surface
Source
CryptoEnvironmentVarsFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 38 file(s), 174 KB of source, external domains: idqnatwcrdxdzgcxtwdr.supabase.co

Source & flagged code

2 flagged · loading source
dist/src/defaults.jsView file
10patternName = supabase_service_key severity = critical line = 10 matchedText = export c...-8";
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/src/defaults.jsView on unpkg · L10
10patternName = supabase_service_key severity = critical line = 10 matchedText = export c...-8";
Critical
Secret Pattern

Supabase service role key (JWT) in dist/src/defaults.js

dist/src/defaults.jsView on unpkg · L10

Findings

2 Critical2 Medium6 Low
CriticalCritical Secretdist/src/defaults.js
CriticalSecret Patterndist/src/defaults.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License