中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:2 days ago Rescan
5 /100
openclaw-a2ui
HTML rich card rendering skill for OpenClaw webchat — provides structured content display (lists, tables, stats, code blocks) as styled HTML cards
Legitimate UI rendering skill with well-documented, scoped functionality. All file operations are necessary for plugin installation and confined to the OpenClaw extensions/workspace directories.
Skill Nameopenclaw-a2ui
Duration38.8s
Enginepi
Safe to install
Approve for use. The skill performs standard plugin installation (file copy + JSON config modification) with no exfiltration or unauthorized access.

Findings 3 items

Severity Finding Location
Low
Install script targets hardcoded OpenClaw paths
install.ts searches for openclaw.json in predefined paths ($HOME/.openclaw, /root/.openclaw) before using CLI-provided paths. This is standard auto-detection behavior.
const DEFAULT_CONFIG_CANDIDATES = [path.join(process.env.HOME ?? "/root", ".openclaw", "openclaw.json"), ...]
→ No action needed. Auto-detection is standard for CLI tooling.
 scripts/install.ts:40
Low
Plugin reads OpenClaw auth tokens from browser storage
skill-ui-bridge.js reads auth tokens from URL hash, localStorage 'openclaw.device.auth.v1', and 'openclaw.control.settings.v1'. Tokens are used to authenticate manifest fetch requests locally — not transmitted to external servers.
var hash = location.hash.replace(/^#/, ''); var hp = new URLSearchParams(hash); var t = hp.get('token');
→ No action needed. Token access is scoped to same-origin OpenClaw API calls. This is standard SPA auth behavior.
 assets/skill-ui-bridge.js:161
Low
Plugin modifies control-ui index.html at runtime
skill-ui-bridge-plugin.js injects a <script> tag into the control-ui index.html on gateway_start and restores it on gateway_stop. This is the documented mechanism for loading the renderer.
html = html.replace("</head>", `${scriptTag}\n</head>`);
→ No action needed. Modification is transient (restored on stop) and confined to the OpenClaw control-ui directory.
 assets/skill-ui-bridge-plugin.js:74
ResourceDeclaredInferredStatusEvidence
Filesystem NONE WRITE ✓ Aligned scripts/install.ts:69 — fs.copyFileSync for plugin files; scripts/install.ts:91 …
Network NONE READ ✓ Aligned assets/skill-ui-bridge.js:174 — fetch('/plugins/skill-ui/manifest') within same …
Browser NONE READ ✓ Aligned assets/skill-ui-bridge.js:161-166 — reads localStorage for OpenClaw auth tokens;…
3 findings
🔗
Medium External URL 外部 URL
https://a2ui.org/reference/components/
references/components.md:3
🔗
Medium External URL 外部 URL
https://www.youtube.com/embed/
references/components.md:312
🔗
Medium External URL 外部 URL
http://127.0.0.1:18793/__openclaw__/canvas/reply.html
references/templates.md:211

File Tree

12 files · 104.3 KB · 2469 lines
Markdown 6f · 1658L JavaScript 2f · 535L TypeScript 2f · 237L JSON 2f · 39L
├─ 📁 assets
│ ├─ 📜 skill-ui-bridge-plugin.js JavaScript 256L · 9.5 KB
│ ├─ 📋 skill-ui-bridge-plugin.json JSON 7L · 235 B
│ └─ 📜 skill-ui-bridge.js JavaScript 279L · 9.3 KB
├─ 📁 references
│ ├─ 📝 components.md Markdown 339L · 7.6 KB
│ ├─ 📝 html-card-templates.md Markdown 78L · 3.8 KB
│ ├─ 📝 html-templates.md Markdown 436L · 24.2 KB
│ ├─ 📝 templates.md Markdown 211L · 15.9 KB
│ └─ 📝 ui-config-schema.md Markdown 58L · 1.5 KB
├─ 📁 scripts
│ ├─ 📜 install.ts TypeScript 145L · 5.0 KB
│ └─ 📜 uninstall.ts TypeScript 92L · 2.7 KB
├─ 📝 SKILL.md Markdown 536L · 23.5 KB
└─ 📋 ui-config.json JSON 32L · 1000 B

Security Positives

✓ All file operations are explicitly documented in SKILL.md installation chapter
✓ Install script uses type-safe argument parsing with explicit flags (--openclaw-config, --extensions-dir, --workspace-dir)
✓ Plugin files are scoped to OpenClaw extensions directory, no arbitrary filesystem write
✓ HTML sanitization uses explicit whitelist approach (allowedTags/allowedAttrs from ui-config.json)
✓ No base64 encoding, eval(), or obfuscation found
✓ No credential harvesting, data exfiltration, or C2 communication
✓ No curl|bash or remote script execution
✓ Plugin properly cleans up (restores index.html) on gateway_stop
✓ CORS headers on manifest endpoint are restrictive (same-origin use only)