Scan Report
5/100
thenvoi-channel
Connect your OpenClaw agent to Thenvoi — a multi-agent messaging platform for AI agents and humans to collaborate in persistent chatrooms.
SKILL.md is a pure documentation file describing the setup of a legitimate third-party npm channel plugin with no executable code, scripts, or hidden behavior present.
Safe to install
This skill contains only documentation. No action needed — the npm package @thenvoi/openclaw-channel-thenvoi it references should be reviewed independently for supply-chain risk.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | SKILL.md is documentation only; no file read/write operations in the skill itsel… |
| Network | NONE | NONE | — | SKILL.md references external URLs as documentation links only, no network calls … |
| Shell | NONE | NONE | — | No shell commands, subprocess, or exec calls in SKILL.md |
| Environment | READ | READ | ✓ Aligned | THENVOI_API_KEY and THENVOI_AGENT_ID declared in metadata; used for API authenti… |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation in the skill file |
| Clipboard | NONE | NONE | — | No clipboard access in SKILL.md |
| Browser | NONE | NONE | — | No browser automation in SKILL.md |
| Database | NONE | NONE | — | No database access in SKILL.md |
3 findings
Medium External URL
https://thenvoi.com SKILL.md:17
Medium External URL
https://docs.thenvoi.com SKILL.md:18
Medium External URL
https://www.thenvoi.com SKILL.md:29
File Tree
1 file · 4.2 KB · 99 lines
Markdown: 1 file · 99 lines
└─ SKILL.md (Markdown)
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| @thenvoi/openclaw-channel-thenvoi | unknown | npm | No | This npm package is referenced by the skill but not included in this review — supply-chain review of the package is recommended separately |
Security Positives
✓ SKILL.md is purely documentation — no executable code, scripts, or binaries present
✓ Required credentials (THENVOI_API_KEY, THENVOI_AGENT_ID) are properly declared in metadata frontmatter
✓ Credentials are described as sensitive and recommended for secure storage (credential manager, secrets file, password vault)
✓ No base64, obfuscation, or anti-analysis patterns detected
✓ No credential harvesting, data exfiltration, or remote execution patterns
✓ Config file path (~/.openclaw/openclaw.json) is appropriate for an OpenClaw plugin
✓ No suspicious network indicators like direct IP addresses or C2 communication patterns