Zulip

Review

Audited by ClawScan on May 10, 2026.

Overview

The artifacts show a straightforward Zulip bot integration, but users should treat its API key and message-sending abilities carefully.

Install only if you intend to give the agent access to a Zulip bot account. Use a restricted bot, protect `~/.config/zulip/zuliprc`, and make sure any message sending or file sharing is explicitly approved before execution.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent workflow that can use this config may act as the Zulip bot within its permissions, including reading accessible messages and sending messages.

Why it was flagged

The skill requires a Zulip bot API key stored in a local config file. This is expected for Zulip API access, but it grants whatever read/send permissions the bot has.

Skill content

Create `~/.config/zulip/zuliprc`: ... `email=bot@example.zulipchat.com` ... `key=YOUR_API_KEY_HERE` ... `site=https://example.zulipchat.com`

Recommendation

Use a least-privileged Zulip bot, restrict its stream access where possible, protect the config file, and rotate/remove the API key when no longer needed.

What this means

An unintended invocation could post an unwanted message to a stream or direct message recipient.

Why it was flagged

The helper directly sends Zulip stream or private messages when invoked with the `send` subcommand. This is purpose-aligned but creates external side effects.

Skill content

`result = client.send_message(message)`

Recommendation

Require clear user approval for send/upload actions and review the target, topic, and message content before running them.

What this means

A future package change or compromised package source could affect the helper script's behavior.

Why it was flagged

The setup installs an external Python dependency without a pinned version. This is normal for a Python API client setup but leaves behavior dependent on the current package version and package index.

Skill content

`pip install zulip`

Recommendation

Install from a trusted environment and consider pinning a known-good `zulip` package version or using a lockfile.