Skillv1.0.0

ClawScan security

telegram-bot-chat · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 20, 2026, 12:18 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions are broadly consistent with a multi-bot Telegram coordination helper, but a few operational mismatches and the self-propagation instructions warrant caution before installation.
Guidance: This skill is plausible for coordinating multiple Telegram bots, but review and take these precautions before installing: 1) Inspect the skill directory contents (it's copied verbatim to other agent workspaces) to ensure there is no hidden code or unexpected files. 2) Run the deployment/copy script in a controlled test environment first — the script writes under /root/.openclaw/workspace* and may overwrite or add files in other agent workspaces. 3) Ensure you control all Telegram bot tokens (channels.telegram.accounts entries) and do not paste credentials into untrusted places; the skill expects each bot to have valid botToken/accountId configured. 4) If you do not want the skill propagated automatically, do not run the copy loop; instead copy manually to only intended agents. 5) Prefer installing and testing on isolated or test bots before rolling out to production. If you want higher confidence, ask the publisher for the full skill file tree (not only SKILL.md) or for a signed source/homepage so you can verify provenance.

Review Dimensions

Purpose & Capability: okName/description (multi-agent Telegram coordination) match the instructions: the file explains using sessions_send and message calls and requires each bot to have Telegram account configuration. Nothing in the SKILL.md claims unrelated functionality (cloud, AWS, etc.).
Instruction Scope: concernThe SKILL.md tells the main agent to copy the skill directory into every /root/.openclaw/workspace* instance, which gives the skill an operational vector to propagate files across agent workspaces and potentially overwrite files. It also relies on internal platform tools (sessions_send, message) and expects channel configuration entries (channels.telegram.accounts) but does not declare those as required items. The instructions do not ask for external exfiltration, but they do assume access to the host filesystem and write permission to other agent workspaces.
Install Mechanism: okNo install script or binary downloads are included (instruction-only). That lowers risk because no remote code is pulled or extracted by the skill itself.
Credentials: noteThe skill does not request env vars or credentials in metadata, but the instructions require each bot to have Telegram botToken/accountId configured in channels.telegram.accounts. This is operationally expected but there's a small mismatch between declared requirements (none) and the real need for bot tokens in the agent configuration.
Persistence & Privilege: concernalways:false (good), but the provided deployment steps explicitly instruct copying the skill into other agents' workspaces. That is a legitimate deployment action for a multi-bot skill, but it also enables a skill (or its files) to be propagated automatically across many agent instances if the deployer runs the script — verify you intend this level of distribution and that files won't overwrite important data.