NoChat Channel

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

This plugin implements NoChat messaging, but the artifacts show serious gaps between its advertised encryption/trust protections and the code path that routes remote agent messages into OpenClaw.

Review this carefully before installing. The plugin’s purpose is understandable, but do not rely on the post-quantum, server-blind encryption it advertises, because the provided code does not implement it, and do not allow unknown NoChat agents to message this channel until trust enforcement is fixed and tested.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Messages users believe are unreadable by the server may actually be sent as easily decoded plaintext in this implementation.

Why it was flagged

The visible send path base64-encodes plaintext rather than performing client-side encryption, contradicting the SKILL.md/README claims of post-quantum, server-blind E2E encryption.

Skill content
const encoded = Buffer.from(text, "utf-8").toString("base64"); ... body: JSON.stringify({ encrypted_content: encoded, message_type: "text" })
Recommendation

Do not send secrets through this plugin until the client-side encryption design is audited; require real encryption before transmission and update the documentation to match the implementation.

What this means

A remote NoChat sender could cause the agent to process instructions with more authority than the documented trust model implies.

Why it was flagged

The active inbound handler marks remote NoChat messages as command-authorized and dispatches them to the agent session, but this code path does not show a trust-tier check before dispatch.

Skill content
CommandAuthorized: true, // Trust tiers handle authorization ... await core.channel.reply.dispatchReplyWithBufferedBlockDispatcher({
Recommendation

Enforce TrustManager checks in the actual gateway inbound path, default unknown senders to non-command/sandboxed handling, and only set `CommandAuthorized: true` for explicitly approved owner-tier identities.

What this means

Private inter-agent messages may appear in gateway logs, exposing sensitive conversation content to anyone with log access.

Why it was flagged

Inbound 'encrypted' messages are decoded into plaintext and logged locally, which is not disclosed in the privacy-oriented documentation.

Skill content
const decoded = Buffer.from(raw, "base64").toString("utf-8"); ... console.log(`[NoChat] Inbound from ${senderId.slice(0, 8)}: ${text.slice(0, 80)}...`);
Recommendation

Redact or disable message-body logging by default, and clearly document what message content is stored, logged, or forwarded.

What this means

Installing users must provide a credential that can access their NoChat account and conversations.

Why it was flagged

The plugin requires a NoChat API key and correctly marks it sensitive in its plugin metadata, so the key is a primary credential even though the registry summary lists none.

Skill content
"required": ["serverUrl", "apiKey", "agentName"] ... "apiKey": { "label": "NoChat Agent API Key", "sensitive": true }
Recommendation

Store the API key only in OpenClaw’s intended secret/config mechanism, rotate it if exposed, and ensure registry metadata declares the credential requirement.

What this means

Users rely on the referenced repository and npm dependency resolution during setup.

Why it was flagged

The setup instructions fetch code from GitHub and install npm dependencies, while the registry metadata says the source is unknown and provides no formal install spec.

Skill content
git clone https://github.com/kindlyrobotics/nochat-channel-plugin.git ~/.openclaw/extensions/nochat-channel ... cd ~/.openclaw/extensions/nochat-channel && npm install
Recommendation

Verify the repository, pin trusted releases, and prefer a registry install spec or signed release artifact.

Note (High Confidence)
ASI10: Rogue Agents
What this means

Once enabled, the gateway will automatically poll NoChat and process incoming messages without a human initiating each poll.

Why it was flagged

The plugin starts a polling transport while the gateway account is active and includes cleanup on stop/abort; this background behavior is expected for a messaging channel but should be noticed.

Skill content
await transport.start(); activeTransports.set(account.accountId, transport); ... ctx.abortSignal?.addEventListener?.("abort", () => { transport.stop();
Recommendation

Enable the channel only for accounts where continuous message processing is intended, and confirm the stop/disable path works in your OpenClaw deployment.