ClawHub
Code Pluginsource linked

@taco-trade/web-copilotv2.0.10

OpenClaw channel plugin for Taco web copilot

@taco-trade/web-copilot·runtime web-copilot·by @taco-trade
Community code plugin. Review compatibility and verification before install.
openclaw plugins install clawhub:@taco-trade/web-copilot
Latest release: v2.0.10Download zip

Capabilities

Tags
executes-codekind:channelchannel:web-copilotsetup
Channels
web-copilot
configSchema
Yes
Executes code
Yes
HTTP routes
0
Plugin kind
channel
Runtime ID
web-copilot
Setup entry
Yes

Compatibility

Built With Open Claw Version
2026.3.24-beta.2
Plugin Api Range
>=2026.3.24-beta.2
Plugin Sdk Version
2026.3.24-beta.2
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description declare a channel that polls a Taco backend and the code implements HTTP calls to /api/copilot endpoints, requires an apiToken and userId in the channel config, and exposes a channel named 'web-copilot' — all consistent.
Instruction Scope
Runtime instructions (package/openclaw metadata) and the code only reference channel config, OpenClaw runtime APIs, and the declared Taco backend endpoints. There are no commands or file reads outside the plugin's domain. The plugin does log message content to console (truncated) which may surface user content in logs.
Install Mechanism
No install script or remote download is specified; this is an instruction-only plugin with included JS files. No external archives or untrusted URLs are fetched during install.
Credentials
No environment variables or unrelated credentials are requested. The plugin legitimately requires an apiToken and userId (declared in openclaw.plugin.json channel config) to authenticate to the Taco backend; this is proportionate to the stated purpose.
Persistence & Privilege
always is false and the plugin does not request elevated/always-on privileges or modify other plugins' configs. It registers a polling loop and outbound/inbound logic appropriate for a channel plugin.
Assessment
This plugin appears to do what it says: poll a Taco backend and forward messages to/from OpenClaw. Before installing, ensure you trust the plugin owner and the backend URL you configure (default is https://api.dev.taco.trading). Provide a dedicated apiToken with minimal scope and avoid reusing high-privilege credentials. Be aware that the plugin logs portions of inbound/outbound messages to the host logs (truncated to 300 chars), so sensitive user content may appear in system logs — route logs and access carefully. Finally, confirm you want an 'open' DM policy (no pairing) as indicated in the plugin metadata.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/nada/channel
Commit
10
Tag
10
Provenance
No
Scan status
clean

Tags

latest
2.0.10