Openclaw Line 2026.5.26.Tgz

Security checks across malware telemetry and agentic risk

Overview

This official LINE integration is purpose-aligned, but users should understand that inbound LINE media may be stored for agent processing.

Install this only for workspaces where you intend OpenClaw to receive and reply to LINE messages. Configure dmPolicy/groupPolicy and allowFrom carefully, protect LINE tokens and secret files, and set expectations for how inbound images, video, audio, and files are stored, retained, and deleted.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 74% confidence
Finding: The handler downloads and persists user-supplied media from LINE messages to storage, which creates privacy and storage-abuse risk. Even with a size cap, this code stores untrusted content before any visible consent, malware scanning, content validation, retention control, or clear minimization logic is shown in this file.

Missing User Warnings

Medium

Confidence: 81% confidence
Finding: Inbound media is persisted automatically without any user-facing warning or disclosure evident in this code. For a chat integration, silent storage of user content can violate privacy expectations and increase regulatory/compliance exposure if sensitive media is retained.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal