ClawHub
Code Pluginsource linkedVerified

Anthropic Vertexv2026.5.28

OpenClaw Anthropic Vertex provider plugin for Claude models on Google Vertex AI.

@openclaw/anthropic-vertex-provider·runtime anthropic-vertex·by @openclaw
openclaw plugins install clawhub:@openclaw/anthropic-vertex-provider
Latest release: v2026.5.28Download zip

Capabilities

Tags
executes-codeprovider:anthropic-vertexartifact:npm-packnpm-mirror:available
configSchema
Yes
Executes code
Yes
HTTP routes
0
Providers
anthropic-vertex
Runtime ID
anthropic-vertex

Compatibility

Built With Open Claw Version
2026.5.28
Min Gateway Version
>=2026.5.12-beta.1
Plugin Api Range
>=2026.5.28
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The package describes itself as a moderator-only ClawHub operator CLI and the reviewed commands match that purpose: user bans/unbans, role changes, report triage, package moderation, trusted publisher management, and rescans.
Instruction Scope
The tool has high-impact authority, but commands require explicit targets and many write paths require reasons, dry-run/apply flags, confirmation, or authenticated moderator/admin API access.
Install Mechanism
No postinstall or automatic runtime hook was found; the bin entry imports the built CLI, and build/typecheck scripts run TypeScript tooling rather than hidden network or persistence behavior.
Credentials
Network use is directed to the configured ClawHub registry/API and token storage uses the documented ClawHub config path with restricted file permissions.
Persistence & Privilege
The CLI persists a ClawHub API token locally for login, which is expected for this purpose; reviewed artifacts did not show background agents, startup persistence, credential exfiltration, or unrelated privilege escalation.
Scan Findings in Context
[VirusTotal clean telemetry] expected: VirusTotal reported 0 malicious and 0 suspicious detections across 62 engines; this supports but does not by itself determine the benign verdict.
[SkillSpector clean result] expected: SkillSpector reported no issues, and artifact review did not reveal hidden or purpose-mismatched behavior to override that clean signal.
[Static artifact review] expected: The high-impact moderation capabilities are consistent with the README, package description, command names, required authentication, and documented staff-only workflow.
Assessment
Install or run this only if you are a ClawHub maintainer/operator with permission to perform moderation. Its commands can change user roles, ban or unban accounts, alter package moderation state, and manage trusted publisher settings, so verify targets, reasons, and dry-run output before applying changes.
dist/index.js:36
File appears to expose a hardcoded API secret or token.
dist/provider-catalog.js:71
File appears to expose a hardcoded API secret or token.
dist/provider-discovery.js:41
File appears to expose a hardcoded API secret or token.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/openclaw/openclaw
Commit
e93216080aa1
Tag
refs/heads/release/2026.5.28
Provenance
No
Scan status
clean

Tags

alpha
2026.5.19-alpha.1
beta
2026.6.1-beta.1
latest
2026.5.28