Back to plugin

Security audit

talk

Security checks across malware telemetry and agentic risk

Overview

This channel plugin broadly connects OpenClaw to a remote WebSocket service, but it also exposes session history, session changes, model selection, credentials, and local media file upload behavior that is not clearly disclosed in its user-facing description.

Review this plugin carefully before installing. Only use it if you trust the configured WebSocket server operator, because that server can receive credentials in headers, send messages into your agent, request conversation/session history, change session/model state, and receive local files when media paths are processed.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.