Back to plugin

Security audit

Matrix

Security checks across malware telemetry and agentic risk

Overview

This is a coherent official Matrix channel plugin that uses Matrix credentials, local state, and message actions for its stated chat-integration purpose.

Install only if you intend to let OpenClaw operate a Matrix account. Use a dedicated bot account when possible, restrict rooms and DM senders with allowlists, keep auto-join limited, and protect the OpenClaw state directory because it may contain Matrix tokens and encryption state.

VirusTotal

59/59 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/deps-BVWGd2XS.js:52
Evidence
const proc = spawn(command, args, {