Code Plugin · source linked · Verified

GitHub Copilot agent runtime v2026.5.28

OpenClaw GitHub Copilot agent runtime plugin (registers a `github-copilot` AgentHarness backed by @github/copilot-sdk over JSON-RPC to the GitHub Copilot CLI)

@openclaw/copilot · runtime copilot · by @openclaw
openclaw plugins install clawhub:@openclaw/copilot
Latest release: v2026.5.28

Capabilities

  • configSchema: Yes
  • Executes code: Yes
  • HTTP routes: 0
  • Runtime ID: copilot

Compatibility

  • Built with OpenClaw version: 2026.5.28
  • Min Gateway version: >=2026.5.28
  • Plugin API range: >=2026.5.28

Security Scan

  • VirusTotal: Benign
  • OpenClaw: Benign (high confidence)

Purpose & Capability
The package consistently implements an opt-in GitHub Copilot agent runtime harness for OpenClaw, bridging OpenClaw tools, auth, sessions, telemetry, compaction, replay, and transcripts. The powerful capabilities are expected for an agent runtime.
Instruction Scope
Bridged tools intentionally use SDK skipPermission and override built-in names, but the source explains this as delegation to OpenClaw's wrapped-tool policy layer, forwards sandbox and allowlist context, restricts availableTools to the bridged list, and keeps SDK built-in permission handling fail-closed by default.
Install Mechanism
Package and plugin metadata identify @openclaw/copilot as an official OpenClaw package with normal npm dependencies and no postinstall/preinstall scripts or hidden installation behavior observed.
Credentials
The runtime can use GitHub/Copilot credentials, file/workspace context, subprocess doctor probes, and OpenClaw coding tools. Those accesses are proportionate for an explicitly selected Copilot agent runtime, but administrators should ensure the host OpenClaw policy layer is active.
Persistence & Privilege
The plugin can persist SDK session bindings and locally mirror full conversation/tool-result snapshots into the OpenClaw audit transcript when a session file is supplied. This is visible and purpose-aligned, but the resulting files may contain sensitive content.
Scan Findings in Context
[SDI-4] expected: Confirmed skipPermission in the tool bridge. In context, it is an intentional bridge design to let OpenClaw's wrapped execute path enforce policy; surrounding code forwards policy/sandbox context and limits the SDK catalog to bridged tool names, so this does not support a Review verdict by itself.
[SQP-2] expected: The approveAll permission handler is confined to an opt-in live smoke test gated by live-test environment variables and tokens, not normal runtime activation.
[SQP-2] expected: Confirmed local transcript mirroring of user, assistant, and tool-result messages. This is sensitive local persistence for audit/replay parity, disclosed in comments and README context, not exfiltration or hidden behavior.
[SQP-2] expected: Confirmed overridesBuiltInTool plus skipPermission for bridged tools. The artifacts show a coherent OpenClaw-owned tool namespace and policy-delegation model rather than purpose-mismatched privilege escalation.
Assessment
Install this only where you trust the OpenClaw host policy configuration for tool execution. Treat Copilot session storage and OpenClaw transcript files as sensitive, restrict filesystem access to them, and avoid enabling broad shell or write tools unless your deployment enforces clear user-directed approvals.
  • dist/attempt-DMegR4ua.js:1499: File appears to expose a hardcoded API secret or token.
  • dist/harness-Blgz_qk3.js:104: File appears to expose a hardcoded API secret or token.
  • src/attempt.ts:827: File appears to expose a hardcoded API secret or token.
  • src/auth-bridge.test.ts:151: File appears to expose a hardcoded API secret or token.
  • src/auth-bridge.ts:184: File appears to expose a hardcoded API secret or token.
  • src/runtime.test.ts:68: File appears to expose a hardcoded API secret or token.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Verification

  • Tier: source linked
  • Scope: artifact only
  • Summary: Validated package structure and linked the release to source metadata.
  • Commit: e93216080aa1
  • Tag: v2026.5.28
  • Provenance: No
  • Scan status: clean

Tags

  • beta: 2026.6.1-beta.1
  • latest: 2026.5.28

GitHub Copilot agent runtime (OpenClaw plugin)

External OpenClaw plugin that registers a copilot agent harness backed by @github/copilot-sdk and the GitHub Copilot CLI.

Install

openclaw plugins install @openclaw/copilot

Restart the Gateway after installing or updating the plugin.

The harness claims the canonical subscription github-copilot provider and is opt-in only — selection requires explicit agentRuntime.id: "copilot" on a model or provider entry; auto never picks it. PI remains the default embedded runtime.

See GitHub Copilot agent runtime for configuration, doctor probes, transcript mirroring, compaction, side questions, replay, and the supported-surface contract. See qa/copilot-capabilities.md for the SDK capability inventory the harness is pinned to.

Package

  • Plugin id: copilot
  • Package: @openclaw/copilot
  • Minimum OpenClaw host: 2026.5.28