Scan Report
5 /100
openclaw-rp-plugin
SillyTavern-compatible roleplay plugin with character cards, long memory, multimodal output (TTS/image), and Generative-Agents-style companion
Legitimate roleplay plugin for OpenClaw with no malicious behavior. The base64 IOCs flagged in pre-scan are false positives - all represent standard file processing for SillyTavern character card imports.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ+WRITE | READ+WRITE | ✓ Aligned | SKILL.md Configuration section declares ~/.openclaw/ config access |
| Network | READ+WRITE | READ+WRITE | ✓ Aligned | SKILL.md Core Capabilities declares TTS and image generation with external APIs |
| Shell | NONE | NONE | — | No exec, spawn, or command execution found |
| Database | READ+WRITE | READ+WRITE | ✓ Aligned | SKILL.md Long Memory section declares SQLite for session persistence |
| Environment | READ | READ | ✓ Aligned | SKILL.md declares OPENCLAW_RP_LOCALE and OpenAI/Gemini env vars |
5 Critical 9 findings
Critical Encoded Execution Base64 编码执行(代码混淆)
Buffer.from(attachment.content, "base64" src/core/commandRouter.js:100 Critical Encoded Execution Base64 编码执行(代码混淆)
Buffer.from(match[2], "base64" src/core/commandRouter.js:141 Critical Encoded Execution Base64 编码执行(代码混淆)
Buffer.from(dataUrl.base64, "base64" src/openclaw/register.js:148 Critical Encoded Execution Base64 编码执行(代码混淆)
Buffer.from(resolved, "base64" src/utils/attachments.js:16 Critical Encoded Execution Base64 编码执行(代码混淆)
Buffer.from(encoded, "base64" src/utils/png.js:34 Medium External URL 外部 URL
https://arxiv.org/abs/2304.03442 README.md:7 Medium External URL 外部 URL
https://example.local/audio.mp3 examples/smoke-run.js:26 Medium External URL 外部 URL
https://example.local/image.png examples/smoke-run.js:31 Medium External URL 外部 URL
https://api.telegram.org src/providers/attachmentResolvers.js:52 File Tree
70 files · 360.8 KB · 11857 lines JavaScript 61f · 10617L
Markdown 7f · 1143L
JSON 2f · 97L
├─
▾
docs
│ ├─
ARCHITECTURE.md
Markdown
│ └─
ARCHITECTURE.zh-CN.md
Markdown
├─
▾
examples
│ ├─
openclaw-rp-bootstrap.js
JavaScript
│ └─
smoke-run.js
JavaScript
├─
▾
src
│ ├─
▾
channels
│ │ └─
adapters.js
JavaScript
│ ├─
▾
core
│ │ ├─
commandRouter.js
JavaScript
│ │ ├─
defaultPreset.js
JavaScript
│ │ ├─
lorebookMatcher.js
JavaScript
│ │ ├─
modelConfigResolver.js
JavaScript
│ │ ├─
promptBuilder.js
JavaScript
│ │ ├─
rateLimiter.js
JavaScript
│ │ ├─
retry.js
JavaScript
│ │ ├─
sessionManager.js
JavaScript
│ │ └─
sessionMutex.js
JavaScript
│ ├─
▾
importers
│ │ ├─
cardImporter.js
JavaScript
│ │ ├─
lorebookImporter.js
JavaScript
│ │ └─
presetImporter.js
JavaScript
│ ├─
▾
openclaw
│ │ ├─
agentImageTool.js
JavaScript
│ │ ├─
agentPersona.js
JavaScript
│ │ ├─
autoImage.js
JavaScript
│ │ ├─
i18n.js
JavaScript
│ │ ├─
nodeSqliteCompat.js
JavaScript
│ │ └─
register.js
JavaScript
│ ├─
▾
providers
│ │ ├─
attachmentResolvers.js
JavaScript
│ │ ├─
gemini.js
JavaScript
│ │ └─
openaiCompatible.js
JavaScript
│ ├─
▾
store
│ │ ├─
inMemoryStore.js
JavaScript
│ │ ├─
schema.js
JavaScript
│ │ └─
sqliteStore.js
JavaScript
│ ├─
▾
utils
│ │ ├─
attachments.js
JavaScript
│ │ ├─
commandParser.js
JavaScript
│ │ ├─
id.js
JavaScript
│ │ ├─
imageIntent.js
JavaScript
│ │ ├─
multilingualEmbedding.js
JavaScript
│ │ ├─
png.js
JavaScript
│ │ ├─
sessionKey.js
JavaScript
│ │ ├─
textCleaner.js
JavaScript
│ │ ├─
tiktokenEstimator.js
⚠
JavaScript
│ │ ├─
timeout.js
JavaScript
│ │ └─
tokenEstimator.js
⚠
JavaScript
│ ├─
errors.js
JavaScript
│ ├─
index.js
JavaScript
│ ├─
openclawIntegration.js
JavaScript
│ ├─
plugin.js
JavaScript
│ └─
types.js
JavaScript
├─
▾
tests
│ ├─
agentImageTool.test.js
JavaScript
│ ├─
agentPersona.test.js
JavaScript
│ ├─
attachmentResolvers.test.js
JavaScript
│ ├─
cardImporter.test.js
JavaScript
│ ├─
channelsAdapter.test.js
JavaScript
│ ├─
commandParser.test.js
JavaScript
│ ├─
hooksAndPolicies.test.js
JavaScript
│ ├─
imageIntent.test.js
JavaScript
│ ├─
integrationHandlers.test.js
JavaScript
│ ├─
lorebookMatcher.test.js
JavaScript
│ ├─
openaiCompatibleProvider.test.js
JavaScript
│ ├─
openclawAutoImage.test.js
JavaScript
│ ├─
pluginStoreSelection.test.js
JavaScript
│ ├─
promptBuilder.test.js
JavaScript
│ ├─
ragMemory.test.js
JavaScript
│ ├─
routerFlow.test.js
JavaScript
│ ├─
textCleaner.test.js
JavaScript
│ └─
tokenEstimatorFactory.test.js
⚠
JavaScript
├─
CHANGELOG.md
Markdown
├─
CHANGELOG.zh.md
Markdown
├─
openclaw.plugin.json
JSON
├─
package.json
JSON
├─
README.md
Markdown
├─
README.zh.md
Markdown
└─
SKILL.md
Markdown
Dependencies 3 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
better-sqlite3 | ^9.0.0 | npm | No | Optional peer dependency for SQLite persistence |
js-tiktoken | ^1.0.0 | npm | No | Optional peer dependency for token counting |
openclaw | * | npm | No | Plugin framework, optional peer dependency |
Security Positives
✓ No shell execution or command injection patterns found
✓ No credential harvesting from environment variables
✓ No data exfiltration or suspicious network requests
✓ No reverse shell, C2, or command-and-control behavior
✓ All base64 operations are legitimate file processing for SillyTavern PNG character cards
✓ Dependencies are well-defined with proper version constraints
✓ Extensive documentation in SKILL.md matches actual implementation
✓ Clean architecture with proper error handling throughout
✓ No hidden HTML comments or obfuscated instructions
✓ Data URL parsing follows standard W3C format