Keychat
Pass
Audited by ClawScan on May 10, 2026.
Overview
The skill appears to do what it says—install Keychat—but it adds an external plugin, downloaded bridge binary, and persistent encrypted messaging identity/channel.
Before installing, verify that you trust Keychat and the @keychat-io/keychat package. Expect it to restart the OpenClaw gateway, install/run a bridge component, create a persistent messaging identity, store that secret in your OS keychain, and send a contact link/QR for adding the agent as a Keychat contact.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing it will trust code and a bridge binary fetched outside this reviewed SKILL.md file.
The reviewed skill delegates its main functionality to an external plugin and downloaded binary that are not present in the provided artifact set.
openclaw plugins install @keychat-io/keychat ... The plugin automatically downloads the bridge binary
Install only if you trust the Keychat package/source, and consider verifying the package version and project repository before running the install or upgrade commands.
A local process may run with the user's OpenClaw environment privileges as part of the messaging bridge.
The skill discloses that the installed plugin runs a local Rust sidecar process for cryptographic protocol support.
bridge-client.ts — Spawns a Rust sidecar for Signal Protocol and MLS Protocol encryption
Expect the sidecar as part of Keychat, but monitor or remove the plugin if you do not want a persistent local messaging bridge.
The OS keychain entry becomes important for the agent's messaging identity; compromise could allow impersonation, and deletion could affect identity recovery.
The plugin creates and stores a secret mnemonic controlling the agent's Keychat/Nostr identity.
keychain.ts — Stores identity mnemonics in the OS keychain (macOS Keychain / Linux libsecret)
Protect the local OS account/keychain and understand how to back up, rotate, or remove the Keychat identity if needed.
Anyone who receives the contact link or QR code may be able to initiate contact with the agent, depending on Keychat's contact flow.
The skill creates an external relay-based messaging channel and automatically establishes a session when the user adds the agent as a contact.
via Signal Protocol over Nostr relays ... The agent automatically accepts and establishes an encrypted session
Share the agent's npub/contact link/QR only with intended contacts and verify who is allowed to message the agent.
