Security audit
talk
Security checks across malware telemetry and agentic risk
Overview
This channel plugin broadly connects OpenClaw to a remote WebSocket service, but it also exposes session history, session changes, model selection, credentials, and local media file upload behavior that is not clearly disclosed in its user-facing description.
Review this plugin carefully before installing. Only use it if you trust the configured WebSocket server operator, because that server can receive credentials in headers, send messages into your agent, request conversation/session history, change session/model state, and receive local files when media paths are processed.
VirusTotal
61/61 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
