Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Bulletin Tools
v0.1.5
Multi-agent bulletin board — post bulletins, subscribe agents, run structured discussion and critique rounds, and resolve decisions asynchronously across Ope...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description (multi-agent bulletin board) match the code and files: registering tools, posting to Discord, waking agents via a local Gateway, and storing audit/state in a local SQLite DB. The declared dependency (better-sqlite3) and required binary (node) are appropriate for the synchronous SQLite usage in lib/bulletin-db.ts.
Instruction Scope
SKILL.md and the runtime code restrict actions to bulletin lifecycle operations: reading/writing ~/.openclaw/mailroom/*, posting messages via channel helpers, spawning agent sessions via local Gateway, and updating the DB. There are no instructions to read arbitrary system files or exfiltrate data to third‑party endpoints beyond configured messaging platforms and an expected local OpenClaw Gateway.
Install Mechanism
Installation is limited to a Node dependency (better-sqlite3) declared in package.json. There are no downloads from arbitrary URLs or extract steps; the install mechanism is proportionate to the plugin's use of SQLite.
Credentials
The skill declares DISCORD_BOT_TOKEN as primary (expected). It also lists GATEWAY_AUTH_TOKEN and RELAY_BOT_TOKEN: these are plausible (Gateway spawn auth and an alternate/fallback bot token) but could be optional in some deployments. The plugin also reads ~/.openclaw/secrets.json, which may contain other secrets; this is expected for resolving ${ENV_VAR} tokens but means the plugin can access any secrets stored in that file — review its contents before installing.
Persistence & Privilege
The plugin persists state and audit logs under ~/.openclaw/mailroom/bulletins (bulletins.db and logs) and creates other config files in ~/.openclaw/mailroom. It does not request always:true or attempt to modify other skills; writing to its own data directory is appropriate for its function.
Assessment
This plugin appears coherent with its stated purpose. Before installing:
1) Review ~/.openclaw/secrets.json and bulletin-config.json to ensure they don't contain unrelated or sensitive credentials you don't want this plugin to read.
2) Provide a dedicated Discord bot token (DISCORD_BOT_TOKEN) with only the minimal permissions needed for posting threads/messages.
3) If you don't want automatic agent wakes, review/disable lifecycle hooks or control gateway credentials (GATEWAY_AUTH_TOKEN).
4) Expect a local SQLite DB and audit log under ~/.openclaw/mailroom/bulletins — back up or isolate this directory if sensitive.
5) Inspect the repository (index.ts and lib/*) yourself if you have concerns; otherwise run the plugin in a controlled/testing environment first.
index.ts:43
Environment variable access combined with network send.
index.ts:2
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
latest: vk978tqvamghwn36g97m2hj4dfn839pmm
Runtime requirements
📋 Clawdis
Bins: node
Env: DISCORD_BOT_TOKEN, GATEWAY_AUTH_TOKEN, RELAY_BOT_TOKEN
Config: ~/.openclaw/mailroom/bulletin-config.json, ~/.openclaw/mailroom/agent-groups.json, ~/.openclaw/secrets.json
Primary env: DISCORD_BOT_TOKEN
Install
Node
npm i -g better-sqlite3