
Security News
PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.
lightclawbot
Advanced tools
OpenClaw 的 Channel 插件
openclaw plugins install lightclawbot
编辑 ~/.openclaw/openclaw.json:
{
"channels": {
"lightclawbot": {
"apiKeys": ["key-1", "key-2"],
"enabled": true
}
}
}
| 字段 | 类型 | 说明 |
|---|---|---|
apiKeys | string[] | API Key 数组,每个对应一个用户身份 |
enabled | boolean | 是否启用 |
npm run build # 编译
npm run typecheck # 类型检查
项目附带 Mock 用于本地调试:
cd test-server
npm install
npm start # 启动 Mock 服务端
npm run client # 启动测试客户端
src/
├── channel.ts # 插件入口,注册、能力声明、生命周期
├── config.ts # 配置解析,API Key 映射管理
├── gateway.ts # Socket.IO 连接管理,心跳,重连
├── inbound.ts # 入站消息处理 → 文件处理 → AI 分发
├── outbound.ts # 出站消息(WebSocket)
├── socket-handlers.ts # Socket.IO 事件绑定
├── socket-registry.ts # Socket 注册表,离线缓冲
├── file-storage.ts # 文件存储封装
├── upload-tool.ts # AI 工具:上传文件
├── download-tool.ts # AI 工具:下载/获取文件 URL
├── dedup.ts # 消息去重与防抖
├── media.ts # 媒体工具函数
├── types.ts # 类型定义
└── history/ # 历史消息读取
FAQs
LightClawBot channel plugin with message support, cron jobs, and proactive messaging
The npm package lightclawbot receives a total of 1,588 weekly downloads. As such, lightclawbot popularity was classified as popular.
We found that lightclawbot demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.

Research
/Security News
Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.