扫描报告
5 /100
thenvoi-channel
Connect your OpenClaw agent to Thenvoi — a multi-agent messaging platform for AI agents and humans to collaborate in persistent chatrooms.
SKILL.md is a pure documentation file describing the setup of a legitimate third-party npm channel plugin with no executable code, scripts, or hidden behavior present.
可以安装
This skill contains only documentation. No action needed — the npm package @thenvoi/openclaw-channel-thenvoi it references should be reviewed independently for supply-chain risk.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | SKILL.md is documentation only; no file read/write operations in the skill itsel… |
| 网络访问 | NONE | NONE | — | SKILL.md references external URLs as documentation links only, no network calls … |
| 命令执行 | NONE | NONE | — | No shell commands, subprocess, or exec calls in SKILL.md |
| 环境变量 | READ | READ | ✓ 一致 | THENVOI_API_KEY and THENVOI_AGENT_ID declared in metadata; used for API authenti… |
| 技能调用 | NONE | NONE | — | No cross-skill invocation in the skill file |
| 剪贴板 | NONE | NONE | — | No clipboard access in SKILL.md |
| 浏览器 | NONE | NONE | — | No browser automation in SKILL.md |
| 数据库 | NONE | NONE | — | No database access in SKILL.md |
3 项发现
中危 外部 URL 外部 URL
https://thenvoi.com SKILL.md:17 中危 外部 URL 外部 URL
https://docs.thenvoi.com SKILL.md:18 中危 外部 URL 外部 URL
https://www.thenvoi.com SKILL.md:29 目录结构
1 文件 · 4.2 KB · 99 行 Markdown 1f · 99L
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@thenvoi/openclaw-channel-thenvoi | unknown | npm | 否 | This npm package is referenced by the skill but not included in this review — supply-chain review of the package is recommended separately |
安全亮点
✓ SKILL.md is purely documentation — no executable code, scripts, or binaries present
✓ Required credentials (THENVOI_API_KEY, THENVOI_AGENT_ID) are properly declared in metadata frontmatter
✓ Credentials are described as sensitive and recommended for secure storage (credential manager, secrets file, password vault)
✓ No base64, obfuscation, or anti-analysis patterns detected
✓ No credential harvesting, data exfiltration, or remote execution patterns
✓ Config file path (~/.openclaw/openclaw.json) is appropriate for an OpenClaw plugin
✓ No suspicious network indicators like direct IP addresses or C2 communication patterns