Back to plugin

Security audit

Delta Chat

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Delta Chat bridge for OpenClaw, but it handles chat credentials, persistent message data, remote user access, and an external Delta Chat RPC binary.

Before installing, use a dedicated bot account or auto-created chatmail account, install deltachat-rpc-server from a trusted source, protect ~/.openclaw/deltachat-data and your OpenClaw config, keep configWrites off unless you need it, and configure allowlists/pairing for any agent that can perform sensitive actions.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/channel.js:346
Evidence
password: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/deltachat.js:372
Evidence
password: [REDACTED],