ClawHub
Code Pluginsource linked

ClawGlassOS (Even G2)v0.1.2

Community OpenClaw channel plugin for ClawGlassOS — bridges Even Realities G2 smart glasses (via the ClawGlassOS WebView) to the OpenClaw gateway.

openclaw-clawglassos·runtime clawglassos·by @lgezyxr
Community code plugin. Review compatibility and verification before install.
openclaw plugins install clawhub:openclaw-clawglassos
Latest release: v0.1.2Download zip

Capabilities

Tags
executes-codekind:channelchannel:clawglassosartifact:npm-packnpm-mirror:available
Channels
clawglassos
configSchema
Yes
Executes code
Yes
HTTP routes
0
Plugin kind
channel
Runtime ID
clawglassos

Compatibility

Built With Open Claw Version
2026.5.21
Min Gateway Version
>=2026.5.21
Plugin Api Range
>=2026.5.21
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The artifacts consistently describe a ClawGlassOS/Even G2 channel plugin that runs a WebSocket server, receives text/voice frames, optionally sends audio to Azure Whisper, and forwards replies back to the glasses; these capabilities fit the stated purpose.
!
Instruction Scope
Inbound dispatch sets CommandAuthorized to true for every admitted WebView message, so ordinary glasses chat can be treated as command-capable without a separate explicit authorization signal or narrower capability scope.
Install Mechanism
The package contains a normal npm-style OpenClaw channel plugin with no install script, no bundled postinstall behavior, and only the ws runtime dependency disclosed in package.json.
Credentials
Running a WebSocket listener, requiring a shared token, supporting device allowlists/pairing, and optionally calling Azure STT are proportionate for a glasses bridge, but the default bind host is 0.0.0.0 and users should constrain network exposure.
!
Persistence & Privilege
The plugin starts a long-running gateway WebSocket service and keeps in-flight model/tool turns cancellable, which is expected for a channel, but the command authorization and PII-bearing warning log create material privilege/privacy concerns.
Scan Findings in Context
[SDI-2] unexpected: The bridge should forward user messages, but unconditional CommandAuthorized:true is broader than plain channel ingestion and lacks a distinct user-consent or command-specific gate.
[SQP-2] unexpected: Operational logging is expected, but including raw user text and a PII-like deviceId in a warning path is unnecessary for the core bridge function and increases privacy exposure.
What to consider before installing
Review before installing. Use a strong shared token, keep dmPolicy on allowlist or pairing, bind the WebSocket only to a trusted interface or private network, and avoid enabling Azure STT unless sending captured audio to that provider is acceptable. The maintainer should gate CommandAuthorized behind explicit command consent and redact message text/device IDs from logs.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/lgezyxr/openclaw-clawglassos
Commit
dff16fc48b85
Tag
master
Provenance
No
Scan status
suspicious

Tags

latest
0.1.2

openclaw-clawglassos

Community OpenClaw channel plugin for ClawGlassOS — the Even Realities G2 smart-glasses companion app in this repo. Not an Even Realities or OpenClaw official package.

What this is

A Channel Plugin in the same slot as the bundled qqbot, googlechat, msteams extensions in OpenClaw. It exposes the glasses as a chat channel (clawglassos) so OpenClaw can:

  • receive user voice / text from the glasses, and
  • push AI replies / notifications back to the glasses display.

Wiring

┌─────────────┐  WSS   ┌────────────────────────┐   inbound dispatch   ┌──────────┐
│  WebView    │ <────> │ ws-server (plugin)     │ ───────────────────► │ OpenClaw │
│ (on iPhone) │        │  :8787 /ws            │ ◄─────────────────── │  core    │
│  + G2 mic   │        └────────────────────────┘  outbound.sendText   └──────────┘
└─────────────┘
  • Channel id: clawglassos
  • Default endpoint: ws://<host>:8787/ws?token=<token>&device=<id>
  • Inbound frames (client → server):
    • {type:"hello", deviceId, label?} — sent once, right after socket open.
    • {type:"text", text} — typed input.
    • {type:"voice", text, lang?, streamId?}client-side STT result; treated like text but tagged as voice for OpenClaw rendering.
    • {type:"audio_start", streamId, encoding?, sampleRate?, channels?, lang?}
      • binary PCM frames + {type:"audio_end", streamId?}server-side STT path. Defaults: pcm_s16le, 16 kHz, mono.
    • {type:"ping"}.
  • Outbound frames (server → client):
    • {type:"reply", messageId, text} — AI reply.
    • {type:"transcript", streamId?, text, final} — server STT echo of the user's utterance (only emitted on the audio_start path).
    • {type:"display", text}, {type:"status", text}, {type:"pong"}, {type:"error", text}.

MVP scope

  • Open WSS endpoint
  • Token gate on connection
  • Text round-trip (WebView → OpenClaw → reply → WebView)
  • Audio path stub: receives PCM, currently surfaces a placeholder ([voice message]) for STT. Real STT slot reserved in src/stt.ts.

Status

Plumbing is in place; the actual injection of a user message into OpenClaw's session store follows the same pattern as the bundled qqbot extension (runtime.gateway + buildInboundContext + dispatchOutbound). The dispatch site is marked TODO(plugin-runtime) in src/inbound.ts and will be wired against the real PluginRuntime next.

Build

npm install
npm run build

Then load it into your OpenClaw install per your plugin loader conventions (externally-installed plugins use defineChannelPluginEntry; the bundled defineBundledChannelEntry path is only for in-repo extensions).