Delta Chat

Review

Audited by ClawScan on May 17, 2026.

Overview

This appears to be a legitimate Delta Chat bridge for OpenClaw, but it handles chat credentials, persistent message data, remote user access, and an external Delta Chat RPC binary.

Before installing, use a dedicated bot account or auto-created chatmail account, install deltachat-rpc-server from a trusted source, protect ~/.openclaw/deltachat-data and your OpenClaw config, keep configWrites off unless you need it, and configure allowlists/pairing for any agent that can perform sensitive actions.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

People in allowed Delta Chat conversations can prompt the agent, which matters if the agent has access to tools, files, or sensitive workflows.

Why it was flagged

The plugin intentionally turns Delta Chat messages into agent conversations, and group chats can be open unless the user configures stricter policy.

Skill content

"description": "Bridge Delta Chat messaging to OpenClaw agents via email" ... "groupPolicy": { ... "default": "open", "description": "Group chat policy: open (anyone), allowlist (groupAllowFrom only), disabled" }

Recommendation

Use pairing or allowlists for direct messages and groups when the agent has sensitive capabilities, and keep requireMention enabled in groups.

What this means

If enabled for untrusted chat users, messages could potentially change bot or gateway behavior.

Why it was flagged

The plugin declares an option for channel-triggered configuration updates. It is off by default, but enabling it would give chat-originated commands mutation authority over configuration.

Skill content

"configWrites": { "type": "boolean", "default": false, "description": "Allow config updates triggered by /config commands from this channel" }

Recommendation

Leave configWrites disabled unless you have a clear administrative workflow and strict allowlists for who can send those commands.

What this means

A compromised configuration file or host could expose the bot email password or relay token.

Why it was flagged

The plugin can use an email account password or chatmail relay token to provision and operate the Delta Chat bot account.

Skill content

"password": { "type": "string", "description": "Password for the email account. Required when email is not 'auto'" } ... "token": { "type": "string", "description": "Optional authentication token for the chatmail server" }

Recommendation

Use a dedicated bot account and app password, restrict access to OpenClaw configuration files, and rotate credentials if the host is shared or compromised.

What this means

The installed RPC server binary runs locally with the gateway user's privileges.

Why it was flagged

The plugin launches the configured deltachat-rpc-server process. This is required for the integration, and the visible code disables shell execution and limits environment variables.

Skill content

const spawn = await getSpawn(); this.server = spawn(this.config.rpcServerPath, [], { shell: false, env: { ... DC_ACCOUNTS_PATH: dataDir }, stdio: ["pipe", "pipe", "inherit"] });

Recommendation

Install deltachat-rpc-server only from trusted Delta Chat or package-manager sources and avoid pointing rpcServerPath at arbitrary binaries.

What this means

Anyone with access to this directory may be able to inspect or tamper with the bot's stored chat state or account material.

Why it was flagged

Delta Chat account keys, message state, and related data are persisted locally so the bot account can continue operating.

Skill content

"dataDir": { "type": "string", "default": "~/.openclaw/deltachat-data", "description": "Directory for Delta Chat account data (keys, messages, etc.)" }

Recommendation

Keep the data directory on a trusted local disk with restrictive permissions, and back it up or delete it according to your retention needs.