ClawHub
Code Pluginsource linkedVerified

Amazon Bedrockv2026.5.28

OpenClaw Amazon Bedrock provider plugin with model discovery, embeddings, and guardrail support.

@openclaw/amazon-bedrock-provider·runtime amazon-bedrock·by @openclaw
openclaw plugins install clawhub:@openclaw/amazon-bedrock-provider
Latest release: v2026.5.28Download zip

Capabilities

Tags
executes-codeprovider:amazon-bedrockartifact:npm-packnpm-mirror:available
configSchema
Yes
Executes code
Yes
HTTP routes
0
Providers
amazon-bedrock
Runtime ID
amazon-bedrock

Compatibility

Built With Open Claw Version
2026.5.28
Min Gateway Version
>=2026.5.12-beta.1
Plugin Api Range
>=2026.5.28
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The package purpose is Amazon Bedrock integration, and the artifacts register a Bedrock provider, stream chat requests to Bedrock Runtime, discover Bedrock models, and create Bedrock embeddings; these capabilities match the stated purpose.
Instruction Scope
The runtime can use AWS environment variables, AWS profiles, bearer tokens, and shared AWS config through the AWS SDK, and model discovery may run when configured or when AWS auth is present. This is disclosed in config/help text and is expected for a Bedrock provider.
Install Mechanism
The artifact is an npm pack for @openclaw/amazon-bedrock-provider with runtime extension files and a shrinkwrap. I found no install, preinstall, postinstall, prepare script, command hook, or hidden setup entry that would execute unrelated code during installation.
Credentials
The plugin sends user prompts, images, tool-call context, and embedding text to Amazon Bedrock endpoints and may read local AWS credential sources through the standard AWS SDK chain. That access is sensitive but proportionate to the provider's function.
Persistence & Privilege
The code uses in-memory caches for discovery/profile traits with configurable refresh behavior, but I found no durable persistence, background worker, privilege escalation, broad local indexing, destructive file operations, or unrelated credential handling.
Scan Findings in Context
[VirusTotal clean engine telemetry] expected: VirusTotal reported 0 malicious and 0 suspicious detections across 62 undetected engines; this supports, but does not by itself determine, the benign verdict.
[SkillSpector clean report] expected: SkillSpector reported no issues, which is consistent with the inspected artifacts and the provider's declared behavior.
[metadata executes-code/provider:amazon-bedrock] expected: The metadata declares executable provider code for Amazon Bedrock. The executable code is the provider implementation itself, not unrelated automation.
Assessment
Install this if you intend OpenClaw to use your AWS account for Bedrock. Before enabling it, confirm the AWS profile or environment credentials have only the permissions you want OpenClaw to use, and remember that chat content, images, tool context, and memory embedding text may be sent to Amazon Bedrock under your account.
dist/stream.runtime.js:39
File appears to expose a hardcoded API secret or token.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/openclaw/openclaw
Commit
e93216080aa1
Tag
refs/heads/release/2026.5.28
Provenance
No
Scan status
clean

Tags

alpha
2026.5.19-alpha.1
beta
2026.6.1-beta.1
latest
2026.5.28