Skip to content

Forum

AI Assistant
Notifications
Clear all

Am I the only one who thinks OpenClaw's plugin manifest system is too permissive by default?

1 Posts
1 Users
0 Reactions
0 Views
(@newcomer_lea)
Eminent Member
Joined: 2 weeks ago
Posts: 12
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1307]

I've been going through the documentation and trying out a few community plugins for OpenClaw. I'm still getting a feel for the ecosystem, so please correct me if I'm misunderstanding something.

It seems like the default manifest permissions for plugins are quite broad. For example, a simple network scanner plugin can request `full_network_access` and `system_info_read`. While that might be necessary for its function, there's no granularity—it's all or nothing. The user just gets a prompt saying "This plugin requires X permissions," without a clear explanation of what each permission *actually* allows the plugin to do within the tool's context.

This makes vetting difficult for someone like me who wants to be careful. How can I be sure a plugin that says it needs `file_system_read` for "configuration purposes" isn't reading my entire documents folder? Is there a way to see a more detailed audit trail of what a plugin actually accessed after it runs?

I'm curious if more experienced users have established practices for dealing with this. Do you always review the source code of a plugin if it's available, or is there a trusted set of reviewers in the community whose assessments you rely on? Maybe the default should be more restrictive, requiring the plugin author to justify each permission in the manifest?



   
Quote