Keet CLI

Review

Audited by ClawScan on May 14, 2026.

Overview

The skill is transparent and safety-oriented, but it can access private Keet profile data, send messages, and run a bridge, so it should only be used with explicit targets and trusted local code.

Before installing or invoking this skill, make sure the local keet-cli repository is trusted, confirm the exact Keet profile and chat targets, approve any message-sending or bridge action explicitly, and stop any daemon/watch/bridge process when it is no longer needed.

Publisher note

Provides safe operating guidance for the keet-cli project: inspecting Keet storage, listing rooms/messages, sending messages, running daemon/watch modes, and operating the Keet ↔ OpenClaw bridge. Emphasizes conservative routing, no secret exposure, and no invite/chat automation without explicit approval.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used on the wrong profile or chat, the agent could expose private conversation data or send a message from the user's Keet account.

Why it was flagged

The skill can read Keet message data and send messages using a local Keet profile, while acknowledging that profile storage may contain highly sensitive account material.

Skill content

`node src/cli.js messages --limit 10` ... `node src/cli.js send 'message text'` ... `Treat Keet profile storage, seeds, recovery phrases, private keys, tokens... as sensitive.`

Recommendation

Confirm the exact Keet profile and target chat before use, approve each send/join/create action explicitly, and avoid displaying or committing any keys, tokens, recovery data, or private logs.

What this means

Chat messages, including group messages, could be routed into OpenClaw or replies could be sent back to Keet if the bridge is configured too broadly.

Why it was flagged

The Keet ↔ OpenClaw bridge can move chat content between a messenger context and the agent; the skill gives conservative routing guidance but still requires careful boundary configuration.

Skill content

`node src/cli.js bridge` ... `forward only the intended chat(s)` ... `fail closed when the target chat is ambiguous`

Recommendation

Limit the bridge to explicit chats, verify participants and routing rules, treat incoming chat text as untrusted, and keep logs/state free of message secrets.

What this means

A long-running process could continue monitoring Keet messages or maintaining a bridge longer than intended.

Why it was flagged

The skill documents long-running watch, daemon, bridge, and supervisor modes that may continue observing or routing messages after startup.

Skill content

`node src/cli.js watch --interval 2000` ... `node src/cli.js daemon` ... `scripts/keet-bridge-supervisor.sh`

Recommendation

Prefer foreground/debug runs when possible, know how to stop the daemon or supervisor, and use long-running modes only for an explicitly approved need.

What this means

If the local repository or its dependencies are untrusted, running npm or node commands could execute code with access to the user's environment and Keet data.

Why it was flagged

The skill depends on running code from a local keet-cli repository rather than reviewed bundled code, so the safety of execution depends on that checkout and its dependencies.

Skill content

`Locate the project repository. Common default: /openclaw/workspace/keet-cli` ... `npm install` ... `node src/cli.js --help`

Recommendation

Use only a trusted keet-cli checkout, inspect git status/diffs before running, and avoid running install or script commands in an unexpected repository.