Back to plugin

Security audit

Threema

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Threema Gateway plugin that asks for the kinds of credentials and capabilities needed to send, receive, encrypt, and transcribe Threema messages.

Before installing, make sure you are comfortable giving this plugin your Threema Gateway secret and E2E private key in OpenClaw configuration, because those are necessary for it to send and decrypt messages. If you enable voice transcription, it will run local Whisper on received audio files. The main thing to double-check is the package/version mismatch in the lockfile, but the observed behavior is consistent with the advertised Threema Gateway plugin purpose.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal (+1 more)

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
index.ts:935
Evidence
// Run whisper transcription with spawnSync (no shell, argument array)

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
index.ts:144
Evidence
process.env.HOME || "/tmp",

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
index.ts:187
Evidence
this.secretKey = [REDACTED];

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
index.ts:1
Evidence
/**