Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Keychat
v1.1.1
Install Keychat — sovereign E2E encrypted messaging for OpenClaw agents via Signal Protocol over Nostr relays. Use when the user wants to add Keychat or set...
⭐ 0 · 558 · 1 current · 1 all-time
by keychat.io @kcdev001
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the runtime instructions: the SKILL tells the agent to install the @keychat-io/keychat plugin and restart the gateway. Automatic configuration of channels.keychat, creation of a Nostr identity, and exposing the agent's Keychat ID/QR to the user are consistent with a messaging plugin.
Instruction Scope
The SKILL.md stays within the claimed purpose (install plugin, restart gateway). It explicitly states that after install the agent will generate an identity, store mnemonics in the OS keychain, and send the agent's npub/QR to the user's active chat and automatically accept contacts — all relevant to messaging but also privacy-sensitive and potentially surprising to users.
Install Mechanism
The skill is instruction-only and runs `openclaw plugins install @keychat-io/keychat`. The SKILL.md warns the plugin will download a 'bridge binary' (Rust sidecar) and spawn it. Because there is no install manifest here describing where that binary is fetched from, the install will cause an external native binary to be written to disk and executed — a higher-risk operation unless the download provenance is verified.
Credentials
No external API keys or env vars are requested (proportionate), but the plugin stores identity mnemonics in the OS keychain (macOS Keychain / Linux libsecret). That requires access to system secrets/storage and is not reflected in the skill's declared requirements; storing/using long-lived cryptographic secrets is sensitive and should be explicitly acknowledged.
Persistence & Privilege
The skill does not request always:true and does not claim elevated platform privileges. It will modify agent configuration (channels.keychat in openclaw.json) and persist identity material in the OS keychain, which is normal for a messaging plugin but results in ongoing presence and the ability to receive messages and accept contacts automatically — a behavior users might want to approve explicitly.
Scan Findings in Context
[exec-rust-sidecar] expected: SKILL.md explicitly warns that the plugin spawns a Rust bridge sidecar for cryptography. Spawning native helper processes is expected for language-bridging crypto implementations, but it increases risk because native binaries are downloaded and executed.
[store-mnemonic-keychain] expected: SKILL.md states identity mnemonics are stored in the OS keychain (macOS Keychain / Linux libsecret). This is expected for local key storage, but it is a sensitive action and should be visible to users and administrators.
What to consider before installing
This skill appears to do what it says (installing a Keychat plugin), but it performs sensitive operations: it downloads and executes a native bridge binary, stores private identity mnemonics in your OS keychain, writes config to openclaw.json, and will broadcast the agent's Keychat ID/QR and auto-accept contacts. Before installing: (1) verify the plugin package provenance (inspect the @keychat-io/keychat package and the GitHub repo link provided) and confirm the URL used to fetch the bridge binary; (2) review the plugin code or ask the maintainer where binaries are hosted and whether checksums/signatures are provided; (3) confirm you are comfortable with the agent automatically creating and sharing an identity and auto-accepting contacts (consider disabling auto-accept if possible); (4) consider installing first in a sandbox or test agent; and (5) ensure you understand how to revoke/delete the generated identity and where mnemonics are backed up. If you cannot verify the binary provenance or code, treat the install as higher risk.
latest: vk975mqt0z6zvw2b8nkkcf0rxvs82g5sh
Runtime requirements: 🔐 Clawdis