liangzimixin-test
Warn. Audited by ClawScan on May 13, 2026.
Overview
The IM-channel purpose is coherent, but the package needs careful review because it ships executable bundled/WASM code with scanner-reported hardcoded authorization tokens and a version/provenance mismatch.
Review before installing. Confirm the publisher can explain the hardcoded Authorization/token findings, provide matching package/version provenance, and document the bundled quantum SDK endpoint. If you proceed, use least-privilege IM credentials and keep sensitive local files outside the configured media roots.
Publisher note
1
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bundled component may authenticate to an external service using an embedded credential that the user did not configure or approve.
The static scan reports a hardcoded Authorization value in the bundled quantum SDK making a network request; the README/config schema do not explain a separate embedded SDK credential.
const response = await http2.post(url, data, { headers: { Authorization: [REDACTED] } });
Review the unredacted source, or require the publisher to document the SDK endpoint, the source of the credential, and why a hardcoded Authorization value appears in the bundle at all, before installing.
It is harder to know whether the reviewed code exactly matches the advertised published version.
The registry metadata lists version 0.3.104-beta.6, while the supplied manifest content lists 0.3.104-beta.5, creating a package provenance/version mismatch.
"version": "0.3.104-beta.5"
Ask the publisher to republish with matching registry and package versions and provide reviewable source/provenance for the bundled SDK and WASM.
Installing and configuring the plugin grants it access to the IM application account represented by the supplied app credentials.
The plugin requires an appId/appSecret pair for IM platform authentication, while the registry metadata says no primary credential is declared.
"appSecret": { "type": "string", "title": "Application secret", "description": "Paired with appId; used for signing and identity verification" }
Use a least-privilege IM application credential, and treat the registry's under-declaration of the credential as something to verify with the publisher.
Private messages handled by the channel can become agent context and the agent may respond through the IM account.
The plugin establishes an external WebSocket message flow that routes private IM messages into the OpenClaw agent and sends replies back.
After the plugin starts, it connects to the Mixin (密信) IM WebSocket event stream, receives private-chat messages, and replies through the OpenClaw Agent.
Install only if you intend this IM service to be connected to your agent, and verify which conversations or bot account the app credentials can access.
Files selected from allowed local directories may be read, encrypted, and sent through the IM service.
The plugin can upload or send media from remote URLs and local files; the controls the README describes are a local-root allowlist and file size limits.
Outbound media supports three sources: Buffer input, a remote http:// or https:// URL, or a local file path; local files must be located inside an allowlisted directory.
Keep sensitive files outside the allowed roots unless you intend the agent/channel to send them.
After the gateway is started, the plugin may keep trying to maintain the IM connection until disabled or removed.
The channel is designed to keep running and reconnect continuously, which is expected for an IM gateway but is persistent background behavior.
WebSocket reconnection: heartbeat keep-alive; after a disconnect, three-stage backoff reconnection with continuous retries.
Disable or remove the channel when you no longer want the agent connected to this IM account.
