liangzimixin
Security checks across malware telemetry and agentic risk
Overview
This messaging plugin is mostly consistent with an IM-channel integration, but it needs review because it appears to ship a hardcoded authorization value and its encryption/security posture is not as clear as its branding suggests.
Review carefully before installing, especially on production accounts. Ask the publisher to clarify and remove any hardcoded Authorization/accessToken values, use least-privilege app credentials, verify all service endpoints, and set encryptionMode to quantum_only if you require all messages to be encrypted.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bundled authorization secret could make it unclear whose account or service privileges are being used and may expose or misuse shared credentials.
The supplied static scan reports a hardcoded Authorization value in the bundled SDK. A channel plugin should normally use user-configured, scoped credentials rather than shipping an embedded authorization secret.
const response = await http2.post(url, data, { headers: { Authorization: [REDACTED] } });
Do not use this with production accounts until the publisher removes and rotates any embedded secrets and documents that all authorization comes from user-scoped configuration.
Users may assume all messages are quantum-encrypted when the default configuration can allow plaintext message handling.
The plugin is branded as quantum-encrypted secure messaging, but its default mode explicitly supports ordinary plaintext messages as well as encrypted messages.
"quantum_and_plain = 同时支持加密和普通消息", "default": "quantum_and_plain"
If encryption is required, set the mode to quantum_only and ask the publisher to make the plaintext-compatible default and tradeoff prominent in the README and registry description.
Once configured, the agent/channel may act through the connected IM account and handle files as part of conversations.
The plugin can send, receive, recall, upload, and download content through an IM account. That is central to the channel purpose, but it is still account-mutating authority.
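Sending and receiving messages, recall ... file upload and download ... The plugin will automatically connect to the 密信 IM server and start receiving and sending messages.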
Use least-privilege app credentials, test in a non-production workspace first, and configure any OpenClaw approval policies you need for outbound messages or file actions.
Messages, files, tokens, and notification metadata may pass through the configured provider services.
The plugin is designed to communicate with external WebSocket, OAuth, message, file, and optional push services. These flows are expected for an IM integration but carry sensitive chat/file data.
wsUrl ... serverUrl ... messageServiceBaseUrl ... fileServiceBaseUrl ... push?: { enabled: boolean; endpoint: string; apiKey: string; }
Verify the service endpoints, use trusted networks/providers, and avoid sending sensitive files unless the credential and encryption configuration are clear.
Users must trust the bundled SDK and WASM implementation because the provided artifact is not easily reviewable source code.
The crypto SDK is loaded at runtime from bundled compiled artifacts, including a WASM file in the manifest. That is plausible for a crypto plugin, but it reduces source-level auditability.
SDK loading method: loaded at runtime via require() from the sibling quantum-sdk/index.cjs
Install only from a trusted publisher/source and ask for source provenance, checksums, and a reviewable build process for the bundled SDK.
The plugin may keep reconnecting and processing IM traffic while the OpenClaw gateway is running.
The plugin includes heartbeat and reconnect settings for a long-running WebSocket connection. This is expected for an IM channel, but it means the integration persists after setup.
heartbeatIntervalMs ... reconnectMaxMs ... maxReconnectAttempts ... persistentRetryIntervalMs
Disable or uninstall the plugin when not needed, and monitor gateway/plugin logs for unexpected connection or message activity.
