Back to skill
Skillv1.0.0
VirusTotal security
telegram-bot-chat · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:16 AM
- Hash
- b4dcd4d4d0bfc131f6489ef41320e62b3f11e3dcaabb4d1ad21be95705e20083
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: telegram-bot-chat Version: 1.0.0 The `SKILL.md` file contains deployment instructions that instruct the OpenClaw agent to execute shell commands. Specifically, the script copies *all* skills from the main agent's workspace (`/root/.openclaw/workspace/skills/`) to *every other bot's workspace* (`/root/.openclaw/workspace*`). While the stated purpose is to enable multi-bot communication, this broad propagation mechanism could inadvertently distribute other (potentially malicious) skills across the OpenClaw environment if they were present in the main workspace, representing a significant vulnerability in the deployment strategy.
- External report
- View on VirusTotal