Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Zulip Bridge

v2026.4.5

💬 High-performance Zulip bridge skill. Enables messaging, stream monitoring, and administrative actions on Zulip servers.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Pending
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description match the included code: the bundle implements a Zulip channel plugin that sends messages, monitors streams, and performs admin actions. However, the registry summary at the top claims no required environment variables while the package/openclaw.plugin.json and README clearly declare ZULIP_API_KEY, ZULIP_EMAIL, ZULIP_URL (and aliases) as provider credentials — that metadata mismatch is inconsistent and should be corrected.
Instruction Scope
SKILL.md and README focus on plugin installation, configuration, and onboarding for Zulip. Instructions reference only the OpenClaw config and Zulip credentials (env vars or ~/.openclaw/openclaw.json) and do not direct the agent to read unrelated system files or exfiltrate data. Onboarding code explicitly warns about storing plaintext credentials.
Install Mechanism
There is no formal install spec in registry metadata, but the README instructs cloning a GitHub repo and running npm install + openclaw plugins install --link. Because the manifest includes full source and a package-lock, the repository / package-lock are the relevant supply chain artifacts — review the upstream repo and package-lock before running npm install or linking into your runtime. The README's use of --link (symlink) also means local code edits will affect the runtime.
Credentials
Requesting Zulip credentials (API key, bot email, base URL/realm) is proportionate to a Zulip bridge. The plugin declares those env vars in openclaw.plugin.json and documents them in README. The inconsistency is that the registry summary indicated 'Required env vars: none' — ignore that; the plugin will need access to ZULIP_API_KEY/ZULIP_EMAIL/ZULIP_URL (or equivalent config entries). openclaw.plugin.json also declares securityExemptions allowing env access, which is expected for channel plugins but worth noting.
Persistence & Privilege
always:false (not force-included) and disable-model-invocation:false (normal). The plugin does not request elevated 'always' privileges or to modify other plugins' configs. It will persist queue/deduplication metadata on disk (expected for a bridge) and may read/write its own OpenClaw config; this is normal for a channel plugin.
Assessment
What to check before installing:

  • Trust the source: verify the plugin's repository (the README points to https://github.com/niyazmft/openclaw-zulip-bridge.git). Confirm the repo owner and review recent commits before cloning and running npm install.
  • Credentials: the plugin requires your Zulip bot API key, bot email, and Zulip URL. Prefer setting these via environment variables (ZULIP_API_KEY, ZULIP_EMAIL, ZULIP_URL) as the README suggests; avoid saving secrets in plaintext config files unless you accept the risk.
  • Supply chain: review package-lock.json and package.json (the lockfile pulls in many transitive packages). Run npm audit, and consider installing in an isolated environment. The README suggests linking the local repo into OpenClaw (symlink); remember that linking makes the plugin run whatever code is in that local checkout.
  • Metadata mismatch: the registry metadata claims no required env vars, but the plugin clearly expects Zulip credentials; treat the registry summary as incorrect and rely on the plugin docs and openclaw.plugin.json.
  • Least privilege: enable the plugin only in the OpenClaw instances that actually need access to the Zulip realm, and rotate the bot API key if you later remove the plugin.

If you want, I can point out the exact files/lines where credentials are read and network calls are made so you (or an auditor) can review them quickly.
Static analysis finding: src/zulip/client.ts:452
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.


Tags: bridge, latest, openclaw, self-hosted, zulip


SKILL.md

💬 Zulip Bridge Skill

This skill provides the intelligence and instructions for interacting with the Zulip communication platform through the OpenClaw Zulip Bridge plugin.

Capabilities

  • Messaging: Send messages to Zulip streams, topics, or direct messages.
  • Stream Management: Create, edit, and list Zulip streams.
  • User Actions: Invite users to streams and check user presence.
  • Reactions: Add or remove emoji reactions to messages.
  • Monitoring: Real-time delivery of incoming messages, with durable deduplication so the same message is not handled twice.

Usage Guide

Messaging Targets

  • Streams: Use stream:STREAM_NAME (e.g., stream:bot-testing).
  • Topics: Use stream:STREAM_NAME:TOPIC_NAME (e.g., stream:bot-testing:alerts).
  • Direct Messages: Use user:EMAIL (e.g., user:alice@example.com).
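Added example (TypeScript, not the bridge's own code): a parser for the three target forms listed above that rejects malformed targets instead of guessing a recipient, plus an allowlist check an operator might layer on top so an agent can only post to approved streams and DM domains. The e-mail pattern, the rule that the first `:` after the stream name starts the topic (so topics may themselves contain colons), and the allowlist shape are assumptions for this example, not documented plugin behaviour.

```typescript
// Added example: parse "stream:NAME", "stream:NAME:TOPIC" and "user:EMAIL"
// targets into a typed structure. Anything that does not match is an error;
// a messaging tool should never fall back to a default recipient.

type Target =
  | { kind: "stream"; stream: string; topic?: string }
  | { kind: "dm"; email: string };

// Constructed, conservative address check (assumption, not the plugin's rule):
// no whitespace, no ':' and exactly one '@' with a dotted domain.
const EMAIL_RE = /^[^\s@:]+@[^\s@:]+\.[^\s@:]+$/;

function parseTarget(raw: string): Target {
  const input = raw.trim();
  const sep = input.indexOf(":");
  if (sep <= 0) {
    throw new Error(`target must start with "stream:" or "user:" (got ${JSON.stringify(raw)})`);
  }
  const prefix = input.slice(0, sep);
  const rest = input.slice(sep + 1);

  if (prefix === "stream") {
    // Assumption: the first ':' after the stream name separates stream from topic;
    // everything after it is the topic verbatim, so "incident: db down" survives.
    const topicSep = rest.indexOf(":");
    const stream = topicSep === -1 ? rest : rest.slice(0, topicSep);
    const topic = topicSep === -1 ? undefined : rest.slice(topicSep + 1);
    if (stream.length === 0) throw new Error("stream name is empty");
    if (topic !== undefined && topic.length === 0) throw new Error("topic name is empty");
    return topic === undefined ? { kind: "stream", stream } : { kind: "stream", stream, topic };
  }

  if (prefix === "user") {
    if (!EMAIL_RE.test(rest)) throw new Error(`invalid DM address ${JSON.stringify(rest)}`);
    return { kind: "dm", email: rest };
  }

  throw new Error(`unknown target prefix ${JSON.stringify(prefix)}`);
}

// Operator-side allowlist (constructed shape): which streams the agent may post
// to, and which e-mail domains it may DM. Applied after parsing, before sending.
interface TargetPolicy {
  streams: Set<string>;
  dmDomains: Set<string>;
}

function isAllowed(t: Target, policy: TargetPolicy): boolean {
  if (t.kind === "stream") return policy.streams.has(t.stream);
  const domain = t.email.slice(t.email.lastIndexOf("@") + 1).toLowerCase();
  return policy.dmDomains.has(domain);
}

// Human-readable rendering, e.g. for an audit log line before the send.
function describeTarget(t: Target): string {
  if (t.kind === "dm") return `DM to ${t.email}`;
  return t.topic === undefined ? `stream #${t.stream}` : `stream #${t.stream}, topic "${t.topic}"`;
}
```

A tool wrapper would call `parseTarget` on the string the agent produced, refuse to send when `isAllowed` returns false, and log `describeTarget` alongside the message id so a reviewer can reconcile what was sent with what was requested.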

Workflow

  1. Setup: Ensure the Zulip plugin is installed and credentials (email, apiKey, site) are configured inside ~/.openclaw/openclaw.json.
  2. Context: When an event arrives from Zulip, the agent will automatically have context including the messageId, senderId, and stream/topic.
  3. Response: Use the messaging tool to respond. The bridge will handle chunking, markdown conversion, and media uploads automatically.

Constraints

  • Admin Actions: Actions like deactivating users require enableAdminActions: true in the configuration.
  • Mention Gating: By default, the bot only responds to @mentions in streams unless chatmode is changed.

Files

42 total
