Claw Messenger - iMessage without a Mac

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: imessage-claw-messenger
Version: 1.0.0

The skill bundle describes a legitimate-looking iMessage/SMS relay plugin for OpenClaw. It connects to a TLS-encrypted WebSocket relay server (claw-messenger.onrender.com) and requires an API key stored locally in .openclaw.json. The documentation (SKILL.md) is transparent about its external connections, data handling policies, and security best practices, such as advising the user to exclude configuration files from version control. No evidence of malicious intent, prompt injection, or unauthorized data exfiltration was found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent connected through this skill may interact with real contacts over iMessage, RCS, or SMS.

Why it was flagged

The skill enables an agent to participate in real messaging channels. This is the stated purpose, but users should recognize that agent mistakes could result in messages being sent or received through those channels.

Skill content

Claw Messenger routes messages between your OpenClaw agent and iMessage/RCS/SMS networks.

Recommendation

Use conservative agent instructions, configure inbound policies such as pairing or allowlists where appropriate, and avoid enabling the integration for workflows where unintended messages would be harmful.

What this means

Anyone or any agent with access to the API key may be able to send and receive messages through the user's Claw Messenger account.

Why it was flagged

The API key grants account-level messaging authority for the Claw Messenger service. This is expected for the skill, but it is a sensitive credential with real communication privileges.

Skill content

This plugin requires **one credential**: a Claw Messenger API key... **Scope** | Authorizes sending and receiving messages on your account only

Recommendation

Treat the API key like a password, store it only in the intended local config, start with a scoped or test key if available, and rotate or revoke it if exposed.

What this means

The code that actually implements the messaging bridge would come from the npm package rather than from the provided SKILL.md artifact.

Why it was flagged

The provided skill artifact is instruction-only and directs users to install an external npm package. This is normal for a plugin setup, but the runnable package contents are outside the submitted artifact.

Skill content

openclaw plugins install @emotion-machine/claw-messenger

Recommendation

Verify the npm package name, publisher, version, and linked source repository before installing, and prefer pinned versions where possible.

What this means

Message contents transit Claw Messenger's relay server, and message metadata may be retained for delivery tracking and billing.

Why it was flagged

The skill discloses that communications pass through a third-party relay and that metadata is logged. This is expected for a relay service, but it is sensitive data handling.

Skill content

Message content passes through in transit but is not persisted on the relay server. Message metadata (sender, recipient, timestamps) is logged for delivery tracking and billing

Recommendation

Review the privacy policy, avoid routing highly sensitive communications unless the relay's data handling is acceptable, and use allowlists or pairing policies to reduce unwanted inbound exposure.