Security audit

OpenClaw Zulip Channel Plugin

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Zulip integration for OpenClaw, with expected chat access and bot credentials but no artifact-backed malicious behavior.

Install only if you intend OpenClaw to read and respond through a Zulip bot. Use a dedicated bot account, keep its API key in OpenClaw secret handling or environment variables rather than source control, limit the bot to the streams it should access, and rotate the key if it was pasted into shared files or logs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The configuration example shows a live-style `apiKey` field for a bot credential but does not warn users to treat it as a secret, avoid committing it to source control, or prefer environment-based secret injection. This increases the likelihood that administrators will paste real credentials into tracked config files, leading to credential leakage and unauthorized access to the Zulip bot account.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.