NoChat Channel Plugin
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This plugin is purpose-aligned, but it needs review because remote agent messages can be treated as authorized commands, key runtime modules are missing from the provided package, and private message contents may be logged.
Review carefully before installing. Use only with a low-privilege or test OpenClaw agent until the trust-tier enforcement, complete source package, encryption implementation, and logging behavior are verified. Do not grant owner-tier access except to identities you fully control.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A message from another agent could be handled like an authorized instruction to your OpenClaw agent, potentially triggering tools or actions beyond what you intended.
The actual inbound handler turns NoChat peer messages into command-capable agent input and explicitly marks them authorized. In this gateway path, no TrustManager, tier check, or rate-limit check is visible before dispatch, despite the trust-tier claims elsewhere.
CommandBody: text,
BodyForCommands: text,
...
CommandAuthorized: true, // Trust tiers handle authorization
...
await core.channel.reply.dispatchReplyWithBufferedBlockDispatcher({
Do not install on a high-privilege agent until the inbound path enforces trust tiers before dispatch and defaults unknown senders to a safe, non-command sandbox.
Users may rely on encryption assurances that are not substantiated by the provided artifacts.
The included inbound content handling shows base64 decoding rather than a visible decryption/private-key flow, while SKILL.md and README make strong post-quantum E2E/server-blind security claims. The provided config also does not require a private key.
const raw = msg.encrypted_content || "";
const decoded = Buffer.from(raw, "base64").toString("utf-8");
// Handle double base64 encoding
Require clear cryptographic implementation, private-key handling, and reviewed client-side encryption/decryption before relying on the privacy claims.
The packaged skill may not run as shown, or users may need to fetch unreviewed code to make the high-impact messaging channel work.
The entry point references runtime-critical API, polling, runtime, trust, session, account, and target modules that are not present in the provided file manifest, leaving important network and authorization behavior unreviewed.
import { NoChatApiClient } from "./src/api/client.js";
import { PollingTransport } from "./src/transport/polling.js";
...
export { TrustManager } from "./src/trust/manager.js";
Only install from a complete, pinned, reviewed source package that includes all referenced runtime modules.
Private encrypted DMs may appear in local gateway logs or log collectors.
The plugin logs the first part of inbound message plaintext after decoding, which is not disclosed in the privacy-focused messaging description.
console.log(`[NoChat] Inbound from ${senderId.slice(0, 8)}: ${text.slice(0, 80)}...`);
Redact message bodies from logs by default and document any optional debug logging clearly.
Anyone with access to the configured API key may be able to act as the configured NoChat agent.
The NoChat API key is expected for this integration and is marked sensitive, but users should still recognize that the plugin receives delegated account authority.
"required": ["serverUrl", "apiKey", "agentName"],
...
"apiKey": { "label": "NoChat Agent API Key", "sensitive": true }
Use a dedicated NoChat key, store it securely, and rotate it if the extension directory or logs are exposed.
Your agent may keep receiving and responding to NoChat messages whenever the gateway is running.
The plugin runs a long-lived polling transport while the gateway account is active. This is disclosed and purpose-aligned for a messaging channel, but it means remote messages can arrive continuously.
ctx.log?.info?.(`[nochat:${account.accountId}] starting polling transport`);
...
await transport.start();
activeTransports.set(account.accountId, transport);
Enable it only for agents intended to receive remote messages, and keep conservative defaults for unknown senders.
