Skill flagged: suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Zulip Bridge

v1.0.1

💬 High-performance Zulip bridge skill. Enables messaging, stream monitoring, and administrative actions on Zulip servers.

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

✓ Purpose & Capability
The skill's name, description, SKILL.md, and source files consistently implement a Zulip channel/bridge (sending messages, monitoring streams, admin actions). Requiring Zulip credentials (API key, email, URL) is appropriate for this purpose.
ℹ Instruction Scope
SKILL.md and README instruct the agent/operator to install the Zulip plugin, configure credentials (via ~/.openclaw/openclaw.json or environment variables), and use OpenClaw plugin commands; these instructions are in scope. They also include a full source dump and explicit install steps (git clone, npm install, openclaw plugins install). This is acceptable, but it gives the installer broad discretion (cloning a repository, running npm).
! Install Mechanism
Registry metadata says 'No install spec / instruction-only', yet the package includes full source (35 files) and a README that tells users to git clone and run npm install. The package-lock.json contains a large tree (AWS SDK, Anthropic, etc.) even though package.json lists no runtime dependencies. The heavy, truncated package-lock and the odd overrides in package.json (mapping some packages to 'zod') are unexpected and worth auditing: they could cause npm to install unexpected transitive packages. The skill registry also lists Source: unknown while the README references a GitHub URL; verify the origin before cloning or executing anything.
ℹ Credentials
The plugin manifest (openclaw.plugin.json) declares providerAuthEnvVars for Zulip (ZULIP_API_KEY, ZULIP_EMAIL, ZULIP_URL, etc.), which is proportionate and expected. However, the top-level registry metadata for the skill shows 'Required env vars: none' and 'Primary credential: none', a mismatch between the registry metadata and the packaged plugin. The SKILL.md consistently recommends environment variables for credentials. Confirm where the platform will prompt for and store these secrets, and prefer environment variables as recommended.
✓ Persistence & Privilege
Skill flags: always=false, user-invocable=true, model invocation not disabled. This is normal for a channel plugin. The skill does not request elevated platform-wide privileges or 'always' inclusion. No instructions were found to modify other skills or system-wide agent settings.
What to consider before installing

This package appears to be a legitimate Zulip bridge, but there are red flags you should check before installing:

  1. Confirm the source/repo authenticity: the registry lists Source: unknown while the README gives a GitHub URL. Clone only from a vetted upstream.
  2. Inspect package-lock.json and package.json locally: package.json has no runtime dependencies, yet package-lock contains many large SDKs (AWS, Anthropic). Understand why, and remove or lock unnecessary packages.
  3. Verify that providerAuthEnvVars (ZULIP_API_KEY, ZULIP_EMAIL, ZULIP_URL) will be supplied securely (prefer environment variables; do not check secrets into openclaw.json).
  4. Because installation involves running npm install and linking into your OpenClaw runtime, review the code (especially network calls and any upload or logging sinks) and run it in a staging environment first.
  5. To mitigate risk: run npm install in an isolated environment, audit the installed packages, and consider forking the repo and pinning dependencies or building a minimal plugin containing only the files you trust.

Things to search for in the source: unexpected hardcoded endpoints, telemetry/exfiltration patterns, and exec/spawn usage.
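One way to carry out check 2 above, as an added example that is not the skill's code or a ClawHub tool: a small Python audit that walks an npm lockfileVersion 3 package-lock, reports installed packages not reachable from anything package.json declares, flags lockfile root drift, and lists 'npm:' alias overrides. The package.json and package-lock.json contents below are constructed samples, not the skill's real files.

```python
import json
from collections import deque

# Constructed sample inputs (not the skill's real files): a package.json declaring no runtime
# dependencies but carrying an "npm:" alias override, and a lockfileVersion 3 lock full of SDKs.
PACKAGE_JSON = json.loads("""{
  "name": "example-plugin", "version": "1.0.0", "dependencies": {},
  "overrides": {"left-pad": "npm:zod@^3.22.0"}
}""")
PACKAGE_LOCK = json.loads("""{
  "name": "example-plugin", "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-plugin", "dependencies": {}},
    "node_modules/zod": {"version": "3.22.4"},
    "node_modules/@aws-sdk/client-s3": {"version": "3.500.0", "dependencies": {"tslib": "^2.6.0"}},
    "node_modules/tslib": {"version": "2.6.2"}
  }
}""")
DEP_FIELDS = ("dependencies", "devDependencies", "optionalDependencies", "peerDependencies")

def declared_deps(manifest):
    """Union of every dependency field of a package.json-like dict."""
    names = set()
    for field in DEP_FIELDS:
        names.update(manifest.get(field, {}))
    return names

def lock_name(path):
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (scoped names keep their prefix)."""
    return path.rsplit("node_modules/", 1)[1]

def audit_lock(pkg, lock):
    declared = declared_deps(pkg)
    packages = lock.get("packages", {})
    installed = {lock_name(p): meta for p, meta in packages.items() if p}
    # Walk the lock graph from what package.json declares; anything installed but
    # never reached is extraneous and needs an explanation before npm install runs.
    reachable, queue = set(), deque(declared)
    while queue:
        name = queue.popleft()
        if name in reachable or name not in installed:
            continue
        reachable.add(name)
        queue.extend(installed[name].get("dependencies", {}))
    # Root drift: the lockfile's "" entry disagrees with package.json itself.
    root_drift = declared_deps(packages.get("", {})) != declared
    # "npm:" overrides silently substitute one package for another at install time.
    aliases = {k: v for k, v in pkg.get("overrides", {}).items() if str(v).startswith("npm:")}
    return {"unreachable": sorted(set(installed) - reachable), "root_drift": root_drift, "alias_overrides": aliases}
print(audit_lock(PACKAGE_JSON, PACKAGE_LOCK))
```

On the sample, all three installed packages are reported as unreachable and the alias override is listed; point the two loaders at a real package.json and package-lock.json to audit a cloned skill.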
Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

✗ src/onboarding.ts:85: Environment variable access combined with network send.
! src/zulip/client.ts:452: File read combined with network send (possible exfiltration).


License

MIT-0
Free to use, modify, and redistribute. No attribution required.

SKILL.md

💬 Zulip Bridge Skill

This skill provides the intelligence and instructions for interacting with the Zulip communication platform through the OpenClaw Zulip Bridge plugin.

Capabilities

  • Messaging: Send messages to Zulip streams, topics, or direct messages.
  • Stream Management: Create, edit, and list Zulip streams.
  • User Actions: Invite users to streams and check user presence.
  • Reactions: Add or remove emoji reactions to messages.
  • Monitoring: Real-time delivery of incoming messages, with durable deduplication so a message is not handled twice.

Usage Guide

Messaging Targets

  • Streams: Use stream:STREAM_NAME (e.g., stream:bot-testing).
  • Topics: Use stream:STREAM_NAME:TOPIC_NAME (e.g., stream:bot-testing:alerts).
  • Direct Messages: Use user:EMAIL (e.g., user:alice@example.com).

Workflow

  1. Setup: Ensure the Zulip plugin is installed and credentials (email, apiKey, site) are configured inside ~/.openclaw/openclaw.json.
  2. Context: When an event arrives from Zulip, the agent will automatically have context including the messageId, senderId, and stream/topic.
  3. Response: Use the messaging tool to respond. The bridge will handle chunking, markdown conversion, and media uploads automatically.

Constraints

  • Admin Actions: Actions like deactivating users require enableAdminActions: true in the configuration.
  • Mention Gating: By default, the bot only responds to @mentions in streams unless chatmode is changed.

Files

47 total
