v0.1.0

NoChat Channel Plugin

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:17 AM.

Analysis

This is a plausible NoChat channel plugin, but its artifacts show remote messages being auto-authorized into agent sessions, while the advertised trust and encryption safeguards are not backed by the included code.

Guidance

Review carefully before installing. Only use this if you intentionally want NoChat agents to communicate with your OpenClaw agent, and wait for a complete source package with enforced trust tiers, artifact-backed encryption, and no default message-content logging. If you proceed, use a dedicated API key, keep the owner list empty until verified, and test with a sandboxed agent first.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
index.ts
CommandAuthorized: true, // Trust tiers handle authorization ... await core.channel.reply.dispatchReplyWithBufferedBlockDispatcher({ ctx: ctxPayload, cfg: ctx.cfg, ... })

The active inbound handler marks every NoChat message as command-authorized and dispatches it into an OpenClaw session; no TrustManager, blocklist, tier, approval, or rate-limit check appears in the handler before dispatch.

User impact: A remote NoChat sender could be treated as an authorized command source for the local agent, potentially causing the agent to use its tools or main session in response to untrusted messages.
Recommendation: Do not install until the active gateway path enforces explicit trust tiers before dispatch, defaults unknown senders to non-command/sandboxed handling, and sets CommandAuthorized only for explicitly approved owner-tier peers.
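What the recommended gate looks like in practice, as an added example that is not the plugin's code or the scanner's: a trust-tier resolver, a per-sender rate limit, and a decision step that runs before anything is handed to the session dispatcher. TrustTier, TrustConfig, RateLimiter and decide() are assumed names; the plugin's own TrustManager is not among the reviewed artifacts, so nothing here reflects its actual interface.

```typescript
// Added example (not the plugin's code): a trust-tier gate that runs before any
// NoChat message is dispatched into an OpenClaw session. TrustTier, TrustConfig,
// RateLimiter and decide() are assumed names; the real plugin's TrustManager
// is not in the reviewed artifacts.

type TrustTier = "owner" | "trusted" | "unknown" | "blocked";

interface InboundMessage {
  senderId: string;
  messageId: string;
  text: string;
}

interface TrustConfig {
  owners: string[];     // only these peers may issue commands (keep empty until verified)
  trusted: string[];    // their text is delivered as data, never as a command
  blocklist: string[];  // dropped before any other check
}

interface DispatchDecision {
  action: "dispatch" | "sandbox" | "drop";
  commandAuthorized: boolean;
  tier: TrustTier;
  reason: string;
}

function resolveTier(senderId: string, cfg: TrustConfig): TrustTier {
  if (cfg.blocklist.includes(senderId)) return "blocked";  // blocklist wins over owner
  if (cfg.owners.includes(senderId)) return "owner";
  if (cfg.trusted.includes(senderId)) return "trusted";
  return "unknown";
}

// Fixed-window per-sender rate limit; `now` is passed in so the gate is testable.
class RateLimiter {
  private windows = new Map<string, { start: number; count: number }>();
  constructor(private maxPerWindow: number, private windowMs: number) {}

  allow(senderId: string, now: number): boolean {
    const w = this.windows.get(senderId);
    if (!w || now - w.start >= this.windowMs) {
      this.windows.set(senderId, { start: now, count: 1 });
      return true;
    }
    w.count += 1;
    return w.count <= this.maxPerWindow;
  }
}

function decide(msg: InboundMessage, cfg: TrustConfig, limiter: RateLimiter, now: number): DispatchDecision {
  const tier = resolveTier(msg.senderId, cfg);
  const deny = (action: "sandbox" | "drop", reason: string): DispatchDecision =>
    ({ action, commandAuthorized: false, tier, reason });

  if (tier === "blocked") return deny("drop", "sender is on the blocklist");
  if (!limiter.allow(msg.senderId, now)) return deny("drop", "per-sender rate limit exceeded");
  if (tier === "owner") {
    return { action: "dispatch", commandAuthorized: true, tier, reason: "explicitly approved owner-tier peer" };
  }
  if (tier === "trusted") {
    return { action: "dispatch", commandAuthorized: false, tier, reason: "trusted peer; content delivered as data only" };
  }
  // Default for anyone not explicitly listed: never a command, never the main session.
  return deny("sandbox", "unknown sender routed to sandboxed handling");
}

// Constructed configuration and messages (not real NoChat traffic).
const trustConfig: TrustConfig = { owners: ["owner-1"], trusted: ["peer-2"], blocklist: ["bad-9"] };
const limiter = new RateLimiter(2, 60_000);

const inbound: InboundMessage[] = [
  { senderId: "owner-1",  messageId: "m1", text: "/tool list" },
  { senderId: "stranger", messageId: "m2", text: "/tool run rm -rf /" },
  { senderId: "bad-9",    messageId: "m3", text: "hello" },
];

for (const msg of inbound) {
  const d = decide(msg, trustConfig, limiter, Date.now());
  // Only d.action === "dispatch" would go on to the session dispatcher, and
  // CommandAuthorized would carry d.commandAuthorized instead of a hard-coded true.
  console.log(msg.messageId, d.action, d.commandAuthorized, d.reason);
}
```

The ordering matters: the blocklist is consulted before the owner list so a compromised owner ID can be cut off without editing the owner list, and with the owner list empty (the configuration the guidance above recommends until the package is verified) no sender can reach commandAuthorized: true.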
Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Post-quantum E2E encryption. Server-blind — even if the database is compromised, messages remain unreadable.

The skill makes strong encryption and server-blind privacy claims, but the provided plugin configuration requires no private key or other crypto material, and the active handler only base64-decodes encrypted_content; no cryptographic decryption appears anywhere in the supplied artifacts.

User impact: Users may trust sensitive instructions or data to the channel believing it has stronger end-to-end encryption guarantees than the included artifacts demonstrate.
Recommendation: Require the plugin to document and include the actual client-side encryption/decryption and key-handling code, or remove/soften the post-quantum E2E and server-blind claims until they are artifact-backed.
Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
index.ts
import { NoChatApiClient } from "./src/api/client.js"; import { PollingTransport } from "./src/transport/polling.js"; import { setNoChatRuntime, getNoChatRuntime } from "./src/runtime.js";

The provided manifest/file contents omit these imported modules and other referenced trust/session helpers, leaving core network transport, API, runtime, and routing behavior outside the reviewed artifact set.

User impact: The plugin may not run as packaged, or important high-impact behavior would come from unreviewed code not present in the supplied artifacts.
Recommendation: Publish a complete package containing all imported source files and lock/provenance information before installation or review.
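A check a reviewer can run against a supplied artifact set before trusting it, as an added example that is neither the scanner's tooling nor the plugin's code: extract the module specifiers from a source file, resolve the relative ones against the files actually present (mapping the compiled .js specifiers back to their .ts sources), and report what is missing. The file list and the index.ts contents below are constructed for the example; only the three import lines are taken from the finding above.

```typescript
// Added example (not the plugin's or the scanner's code): verify that every
// relative import in a package source file resolves to a file in the package.
// The file set below is constructed; the three NoChat imports are from the finding.

// Constructed stand-in for the delivered artifact set.
const packageFiles = new Set<string>([
  "index.ts",
  "openclaw.plugin.json",
  "src/api/client.ts",
]);

// Constructed index.ts; the first three imports are the ones quoted in the finding.
const indexSource = `
import { NoChatApiClient } from "./src/api/client.js";
import { PollingTransport } from "./src/transport/polling.js";
import { setNoChatRuntime, getNoChatRuntime } from "./src/runtime.js";
import { someHelper } from "some-package";
`;

// Matches `from "x"`, `require("x")` and dynamic `import("x")`.
const IMPORT_RE = /(?:from\s+|require\(\s*|import\s*\(\s*)["']([^"']+)["']/g;

function extractSpecifiers(source: string): string[] {
  const specs: string[] = [];
  for (const match of source.matchAll(IMPORT_RE)) specs.push(match[1]);
  return specs;
}

// Resolve a relative specifier against the importing file's directory.
function resolveRelative(fromFile: string, spec: string): string {
  const parts = fromFile.split("/").slice(0, -1);
  for (const seg of spec.split("/")) {
    if (seg === "." || seg === "") continue;
    if (seg === "..") parts.pop();
    else parts.push(seg);
  }
  return parts.join("/");
}

// A ".js" specifier in TypeScript source normally points at a ".ts" sibling.
function candidates(resolved: string): string[] {
  const base = resolved.replace(/\.(m|c)?js$/, "");
  return [resolved, `${base}.ts`, `${base}.tsx`, `${base}.d.ts`, `${base}/index.ts`];
}

interface ImportReport {
  missing: string[];   // relative imports with no matching file in the package
  external: string[];  // bare specifiers, to be checked against package.json / lockfile
}

function reviewImports(fromFile: string, source: string, files: Set<string>): ImportReport {
  const report: ImportReport = { missing: [], external: [] };
  for (const spec of extractSpecifiers(source)) {
    if (!spec.startsWith(".")) {
      report.external.push(spec);
      continue;
    }
    const resolved = resolveRelative(fromFile, spec);
    if (!candidates(resolved).some((c) => files.has(c))) report.missing.push(spec);
  }
  return report;
}

const report = reviewImports("index.ts", indexSource, packageFiles);
console.log("missing:", report.missing);
console.log("external (verify against lockfile):", report.external);
```

Run over the real artifact set, an empty `missing` list is the precondition for the rest of the review being meaningful; anything in `external` still needs a lockfile and provenance before it counts as reviewed.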
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
openclaw.plugin.json
"required": ["serverUrl", "apiKey", "agentName"] ... "apiKey": { "label": "NoChat Agent API Key", "sensitive": true }

A NoChat API key is expected for this integration and is marked sensitive in the plugin UI, but the registry metadata declares no primary credential.

User impact: Installing and configuring the plugin gives it the ability to act through the configured NoChat agent account.
Recommendation: Use a dedicated, revocable NoChat API key and ensure registry metadata clearly declares the credential requirement.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Concern
index.ts
console.log(`[NoChat] Inbound from ${senderId.slice(0, 8)}: ${text.slice(0, 80)}...`);

The channel writes decoded inbound message content into logs, which weakens the data boundary expected from an encrypted agent-to-agent messaging plugin.

User impact: Sensitive messages, credentials, or instructions sent through NoChat could be retained in local logs outside the encrypted conversation.
Recommendation: Log only metadata such as message IDs and sender IDs by default, and require an explicit debug mode before logging any message content.
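The metadata-only logging recommended above, as an added example that is not the plugin's code: the default record carries the truncated sender ID, message ID, content length and a short SHA-256 digest (enough to correlate a message with the peer's copy without retaining the plaintext), and a content preview is attached only when debug logging is explicitly enabled. The envelope shape, option names and sample message are assumptions constructed for the example.

```typescript
// Added example (not the plugin's code): log inbound NoChat traffic by
// metadata only, and attach message content only when debug logging is
// explicitly enabled. Envelope shape and option names are assumptions.
import { createHash } from "node:crypto";

interface InboundEnvelope {
  senderId: string;
  messageId: string;
  text: string;            // decoded message content; must not reach logs by default
}

interface InboundLogOptions {
  debug: boolean;          // opt-in: only then is any content logged
  previewChars?: number;   // cap on content logged even in debug mode
}

// Short SHA-256 prefix for correlation without retaining plaintext.
function contentDigest(text: string): string {
  return createHash("sha256").update(text, "utf8").digest("hex").slice(0, 16);
}

function inboundLogRecord(msg: InboundEnvelope, opts: InboundLogOptions): Record<string, unknown> {
  const record: Record<string, unknown> = {
    event: "nochat.inbound",
    sender: msg.senderId.slice(0, 8),
    messageId: msg.messageId,
    bytes: Buffer.byteLength(msg.text, "utf8"),
    digest: contentDigest(msg.text),
  };
  if (opts.debug) {
    record.preview = msg.text.slice(0, opts.previewChars ?? 80);
  }
  return record;
}

// Guard for a unit test or pre-commit check: does the serialized log line
// contain the start of the message body?
function recordLeaksContent(record: Record<string, unknown>, text: string): boolean {
  const line = JSON.stringify(record);
  return text.length >= 8 && line.includes(text.slice(0, 8));
}

// Constructed sample message (not real NoChat traffic).
const sample: InboundEnvelope = {
  senderId: "agent-7f3a9c1e2b",
  messageId: "msg-0001",
  text: "deploy token is hunter2, rotate it after the migration",
};

// Default mode: no content in the log line.
console.log(JSON.stringify(inboundLogRecord(sample, { debug: false })));
```

Replacing the `console.log` quoted in the finding with `inboundLogRecord(msg, { debug: cfg.debugLogging === true })` keeps the operator-facing signal (who sent what, when, how large) while removing the plaintext from the default log path.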