ClawHub

Olvid Channel

v0.1.0

Add a native Olvid channel in OpenClaw.

1· 2k·1 current·1 all-time
by@jmartel-olvid
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the implementation: code implements an OpenClaw channel that connects to an Olvid daemon, sends/receives messages, handles attachments, and exposes configuration for daemonUrl and clientKey.
Instruction Scope
SKILL.md is high-level and points to external docs; runtime code only accesses OpenClaw runtime APIs, the Olvid daemon (user-configured URL), and local filesystem for saving attachments (/tmp/olvid-attachments). It does not instruct the agent to read unrelated host files or exfiltrate data to unexpected external endpoints.
Install Mechanism
There is no install spec in registry metadata (installation is via hub/local package). The package files show normal npm dependencies (e.g., @olvid/bot-node, zod) and a package-lock.json that pulls many transitive packages from the npm registry. No downloads from arbitrary URLs or extract-from-unknown-server steps are present, but the transitive dependency tree is large — review if you have a strict supply-chain policy.
Credentials
The plugin uses Olvid-specific credentials (clientKey, daemonUrl) and will optionally read OLVID_CLIENT_KEY and OLVID_DAEMON_TARGET from the environment for the default account. It does not request unrelated credentials. Be aware that OLVID_CLIENT_KEY env var (if present) will be picked up automatically for the default account.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It runs a long-lived monitor (connector) to keep a session with the Olvid daemon — this is expected for a channel plugin and within its scope.
Assessment
This skill appears to do what it claims: it connects your OpenClaw agent to an Olvid daemon using a client key and daemon URL. Before installing: 1) Treat the client key as a secret — prefer entering it in plugin config rather than exporting OLVID_CLIENT_KEY globally if you want scoped usage. 2) Confirm the daemonUrl points to a daemon you control (e.g., localhost) and not an untrusted remote endpoint. 3) Note the plugin writes attachments to /tmp (temporary files) and records session metadata in the OpenClaw session store. 4) The provided package-lock.json contains many transitive npm packages (including large cloud SDKs) — if you have strict supply-chain or minimal-deps requirements, inspect the lockfile or install source from the official GitHub repo (https://github.com/olvid-io/openclaw-channel-olvid) and/or build from pinned dependencies. 5) If you want higher assurance, review the referenced GitHub repo and ensure the published package matches the source.

Like a lobster shell, security has layers — review code before you run it.

latestvk972avk9w2c5bmj7cpq9hg3m9x80wng1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🗨️ Clawdis

Comments