Latest release: v0.1.0Download zip
Capabilities
Compatibility
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The core purpose—letting Relay browse and edit workspace files over Gateway RPC—matches the implementation for list/read/write/delete, but the documentation also advertises stat/rename methods that are not present in the reviewed source.
Instruction Scope
The documentation claims strong workspace-boundary and root-deletion safeguards, but the code does not fully enforce them.
Install Mechanism
No install scripts, external dependencies, required binaries, or required credentials are present in the supplied artifacts.
Credentials
Remote read/write/delete access to the workspace is expected for this plugin, but recursive forced deletion can target the workspace root and symlink handling may allow access outside the intended boundary.
Persistence & Privilege
When installed, the plugin persistently registers Gateway methods available to connected Relay/Gateway clients; no hidden background worker or credential use is shown.
What to consider before installing
Install only if you trust the Relay/Gateway environment and have backups of the workspace. Before using destructive operations, prefer a version that explicitly blocks deleting the workspace root and correctly handles symlinks or other paths that could escape the workspace.Verification
Tags
relay-workspace
OpenClaw plugin that exposes workspace.* Gateway RPC methods so the Relay desktop app can browse and edit the agent's workspace remotely over WebSocket.
What it does
The OpenClaw gateway protocol does not include file browsing RPCs by default. This plugin registers 6 custom gateway methods that Relay's file explorer calls when connected to a remote gateway:
| Method | Description |
|---|---|
workspace.list | List directory contents (filtered, capped) |
workspace.read | Read file content (size-limited) |
workspace.write | Create or overwrite a file |
workspace.stat | Get file/directory metadata |
workspace.rename | Rename or move a file/directory |
workspace.delete | Delete a file or directory (recursive) |
Installation
openclaw plugins install @seventeenlabs/openclaw-relay-workspace
Or install from a local path during development:
openclaw plugins install ./plugins/openclaw-relay-workspace
Configuration
Add plugin config in your openclaw.json:
{
"plugins": {
"entries": {
"relay-workspace": {
"config": {
"maxListItems": 200,
"maxReadBytes": 262144
}
}
}
}
}
| Option | Default | Description |
|---|---|---|
maxListItems | 200 | Maximum entries returned by workspace.list |
maxReadBytes | 262144 (256 KB) | Maximum file size allowed by workspace.read |
Security
- Path traversal prevention: All paths are resolved against the workspace root. Any path that resolves outside the boundary (e.g.
../../etc/passwd) is rejected. - Hidden file filtering: Dotfiles and OS metadata (
desktop.ini,thumbs.db,.DS_Store) are excluded from listings and blocked from direct access. - Root deletion guard:
workspace.deleterefuses to delete the workspace root directory. - Size limits:
workspace.readrejects files exceeding the configured byte limit.
How it connects to Relay
┌─────────┐ WebSocket JSON-RPC ┌──────────────────┐ Node.js fs ┌───────────┐
│ Relay │ ─── workspace.list ──→ │ relay-workspace │ ────────────→ │ Workspace │
│ (app) │ ←── { items: [...] } ─ │ (plugin) │ ←──────────── │ (disk) │
└─────────┘ └──────────────────┘ └───────────┘
- Relay detects a non-localhost gateway URL → uses
RemoteFileService RemoteFileServicecallsworkspace.*RPCs via the gateway client- This plugin handles those RPCs on the server and operates on the agent workspace directory
- If the plugin is not installed, Relay shows a fallback UI with agent tool capabilities
Development
The plugin source lives at plugins/openclaw-relay-workspace/index.ts. It uses:
definePluginEntryfrom the OpenClaw Plugin SDKapi.registerGatewayMethod()to add custom RPC methodsapi.runtime.agent.resolveAgentWorkspaceDir()to locate the workspace- Standard Node.js
fs/promisesfor all file operations
License
MIT