ClawHub
Code Pluginsource linkedVerified

Tlon/Urbitv2026.5.28

OpenClaw Tlon/Urbit channel plugin for chat workflows.

@openclaw/tlon·runtime tlon·by @openclaw
openclaw plugins install clawhub:@openclaw/tlon
Latest release: v2026.5.28Download zip

Capabilities

Tags
executes-codechannel:tlonsetupartifact:npm-packnpm-mirror:available
Channels
tlon
configSchema
Yes
Executes code
Yes
HTTP routes
0
Runtime ID
tlon
Setup entry
Yes

Compatibility

Built With Open Claw Version
2026.5.28
Min Gateway Version
>=2026.4.10
Plugin Api Range
>=2026.5.28
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The package purpose is a Tlon/Urbit chat channel, and the executable code, channel registration, setup wizard, outbound sends, inbound subscriptions, media handling, and Tlon account probing all fit that purpose.
Instruction Scope
Runtime behavior includes using a user-provided ship URL and login code, reading subscribed DMs/groups, posting replies, optionally auto-discovering channels, and optionally auto-accepting invites based on explicit configuration and allowlists.
Install Mechanism
The package has no npm lifecycle scripts itself, but it depends on @tloncorp/tlon-skill, which the shrinkwrap marks as having an install script and platform-specific binaries; this is expected for the declared bundled Tlon skill but worth normal install awareness.
Credentials
Network access to the configured Urbit/Tlon host, Tlon hosted upload service, and configured storage endpoints is proportionate for chat and media support; private/internal ship URLs require an explicit dangerouslyAllowPrivateNetwork opt-in.
Persistence & Privilege
The plugin persists Tlon settings such as allowlists, watched channels, pending approvals, and invite/channel preferences through the Urbit settings store, which is purpose-aligned and visible in the configuration model.
Scan Findings in Context
[SkillSpector clean result] expected: SkillSpector reported no issues; local artifact review also found the executable behavior aligned with the Tlon chat-channel purpose.
[VirusTotal clean telemetry] expected: VirusTotal reported 0 malicious and 0 suspicious detections across supplied engines; this supports but does not solely determine the benign verdict.
[trusted @openclaw plugin context] expected: Metadata identifies this as an official trusted @openclaw/tlon package linked to the openclaw/openclaw source repository, with no artifact-backed evidence overriding that trust.
[dependency install script noted] expected: The shrinkwrap marks @tloncorp/tlon-skill as having an install script and platform binaries; because the manifest explicitly declares that skill dependency, this is expected integration behavior rather than hidden persistence.
Assessment
Install this only if you want OpenClaw to access and operate through your Tlon/Urbit account. Review the configured ship URL, login code handling, DM/group allowlists, owner ship, auto-discovery, and auto-accept invite options before enabling it, especially if using private network access or media uploads.
dist/channel-B-9DBmmD.js:42
File appears to expose a hardcoded API secret or token.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/openclaw/openclaw
Commit
e93216080aa1
Tag
refs/heads/release/2026.5.28
Provenance
No
Scan status
clean

Tags

alpha
2026.5.19-alpha.1
beta
2026.6.1-beta.1
latest
2026.5.28

Tlon (OpenClaw plugin)

Tlon/Urbit channel plugin for OpenClaw. Supports DMs, group mentions, and thread replies.

Docs: https://docs.openclaw.ai/channels/tlon