Olvid Channel

v0.1.0

Add a native Olvid channel in OpenClaw.

⭐ 1· 2k·1 current·1 all-time

by@jmartel-olvid

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

Name/description match the implementation: code implements an OpenClaw channel that connects to an Olvid daemon, sends/receives messages, handles attachments, and exposes configuration for daemonUrl and clientKey.

✓

Instruction Scope

SKILL.md is high-level and points to external docs; runtime code only accesses OpenClaw runtime APIs, the Olvid daemon (user-configured URL), and local filesystem for saving attachments (/tmp/olvid-attachments). It does not instruct the agent to read unrelated host files or exfiltrate data to unexpected external endpoints.

ℹ

Install Mechanism

There is no install spec in registry metadata (installation is via hub/local package). The package files show normal npm dependencies (e.g., @olvid/bot-node, zod) and a package-lock.json that pulls many transitive packages from the npm registry. No downloads from arbitrary URLs or extract-from-unknown-server steps are present, but the transitive dependency tree is large — review if you have a strict supply-chain policy.

ℹ

Credentials

The plugin uses Olvid-specific credentials (clientKey, daemonUrl) and will optionally read OLVID_CLIENT_KEY and OLVID_DAEMON_TARGET from the environment for the default account. It does not request unrelated credentials. Be aware that OLVID_CLIENT_KEY env var (if present) will be picked up automatically for the default account.

✓

Persistence & Privilege

The skill does not request always:true and does not modify other skills. It runs a long-lived monitor (connector) to keep a session with the Olvid daemon — this is expected for a channel plugin and within its scope.

Assessment

This skill appears to do what it claims: it connects your OpenClaw agent to an Olvid daemon using a client key and daemon URL. Before installing: 1) Treat the client key as a secret — prefer entering it in plugin config rather than exporting OLVID_CLIENT_KEY globally if you want scoped usage. 2) Confirm the daemonUrl points to a daemon you control (e.g., localhost) and not an untrusted remote endpoint. 3) Note the plugin writes attachments to /tmp (temporary files) and records session metadata in the OpenClaw session store. 4) The provided package-lock.json contains many transitive npm packages (including large cloud SDKs) — if you have strict supply-chain or minimal-deps requirements, inspect the lockfile or install source from the official GitHub repo (https://github.com/olvid-io/openclaw-channel-olvid) and/or build from pinned dependencies. 5) If you want higher assurance, review the referenced GitHub repo and ensure the published package matches the source.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🗨️ Clawdis

latestvk972avk9w2c5bmj7cpq9hg3m9x80wng1

2kdownloads

1stars

14versions

Updated 1mo ago

v0.1.0

MIT-0

Olvid Channel

This plugin adds a native Olvid channel in OpenClaw. It allows to securely chat with your Agent within Olvid application. Olvid is available on every platform (Android/iOs, Linux/Windows/MacOs).

With this channel you can use Olvid authenticated end-to-end encryption to exchange with your agent without exposing your OpenClaw instance on the web.

Install

Follow our installation guide: https://doc.bot.olvid.io/openclaw.

Olvid Targets

Here are examples of expected Olvid targets:

olvid:discussion:42
olvid:contact:21
olvid:group:12

Documentation

Documentation to use this skill is available here: https://doc.bot.olvid.io/openclaw.

This skill code is hosted on GitHub: https://github.com/olvid-io/openclaw-channel-olvid.

Publishing

The skill is ready for publication on the OpenClaw Hub.
Run:

openclaw hub publish

This will upload the package to the hub and make it discoverable by other OpenClaw users.

Contact

Feel free to open new issues or contact us at: bot@olvid.io.

Comments

Loading comments...