ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

设计框架套件 - 主控路由

v2.0.0

设计框架自动生成套件(主控路由):监听群消息 @mention,根据状态路由到对应子 skill

0· 30·0 current·0 all-time
by@807209066
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (Telegram listener + router + image generation) align with the included scripts: reading Telegram bot token, calling OpenRouter for prompts/images, and sending messages. Accessing the Telegram bot token and OpenRouter API key from ~/.openclaw/openclaw.json is coherent with the stated capabilities.
Instruction Scope
SKILL.md and scripts limit activity to: listen/route mentions, generate prompts/images via OpenRouter, and send messages/images via Telegram. However the runtime code reads the user's ~/.openclaw/openclaw.json for API keys and writes those secrets into temporary JSON files for subprocesses (KEY_TMPFILE, ENV_FILE). The scripts also rely on /tmp lock and state files. There are no obvious exfiltration endpoints beyond OpenRouter and Telegram API calls, and no instructions to read unrelated system files.
Install Mechanism
No install spec (instruction-only), and scripts are provided directly. Nothing is downloaded from external URLs or installed from a third‑party registry in the manifest, so installation risk is limited to the included code running on the host.
!
Credentials
The skill does not declare required environment variables but programmatically reads sensitive credentials (OpenRouter apiKey and Telegram botToken) from ~/.openclaw/openclaw.json. Reading those keys is functionally required, but the scripts serialize API keys into temporary plaintext files (e.g., /tmp/openclaw-img-key-$$.json, /tmp/openclaw-genprompt-env-$$.json, KEY_TMPFILE) which increases risk of accidental leakage if a process crashes, if /tmp is readable by others, or if cleanup traps fail. The number and type of secrets accessed is proportionate to the functionality, but the handling (plaintext temp files) is a security concern.
!
Persistence & Privilege
The skill is marked always: true, meaning it will be force-included in every agent run. Combined with its ability to read bot tokens and send Telegram messages, that increases blast radius. Note: disable-model-invocation is true (the skill cannot be invoked directly by the model), which reduces one attack vector, but always: true still gives it automatic presence and access to sensitive local config while running on the host.
What to consider before installing
This skill appears to do what it says (listen for Telegram mentions, generate prompts/images via OpenRouter, and send messages), but take these precautions before installing: - Understand that it reads your OpenClaw config (~/.openclaw/openclaw.json) to obtain your Telegram botToken and OpenRouter apiKey. If those files contain other secrets, review them first. - The scripts temporarily write secrets to /tmp in plaintext. If your system has multiple users or an attacker can access /tmp, this increases risk. Consider restricting permissions or modifying scripts to avoid writing secrets to disk (use in-memory pipes or secure file permissions). - always: true forces the skill to be present for all agent runs. If you don't want it always active, do not enable the skill as always-on; consider enabling manually or removing always:true. The combination of always:true and access to messaging APIs raises the potential for unintended message-sending. - Review and (if needed) change the hardcoded IDs in config.sh and ensure design settings (group_chat_id, bot_owner_id) are set deliberately. - If you are unsure, run the scripts in a restricted environment first (non-production account, or container) and inspect logs to ensure no unexpected network calls occur. If you want, I can point to the exact lines that read your tokens and the temp-file handling so you can modify them to be safer.

Like a lobster shell, security has layers — review code before you run it.

design-framework-suitevk978eqc760yjcktya2k3ewxthh85a7ndlatestvk978eqc760yjcktya2k3ewxthh85a7nd
30downloads
0stars
1versions
Updated 23h ago
v2.0.0
MIT-0
@807209066
design-framework-suitelatest
Download

设计框架套件 - 主控路由

本 skill 是「设计框架自动生成套件」的入口,负责监听 Telegram 群消息并根据当前任务状态路由到对应的子 skill。

套件组成

本套件共 4 个 skill,需全部安装后配合使用:

Skill职责
design-framework-sender主控路由(本 skill)
design-framework-builder生成设计框架 + 发群预览
design-framework-confirm处理确认/取消/重新生成
design-framework-generate生图 + 私发 + 完成通知

安装配置

1. 安装全部 4 个 skill

openclaw skills install design-framework-sender
openclaw skills install design-framework-builder
openclaw skills install design-framework-confirm
openclaw skills install design-framework-generate

2. 修改 config.py(唯一需要配置的文件)

编辑 design-framework-sender/config.py,填入自己的参数:

"group_chat_id": design.get("group_chat_id", "你的Telegram群组ID"),
"bot_owner_id":  design.get("bot_owner_id",  "你的Telegram用户ID"),

3. 启用并重启

{
  "skills": {
    "entries": {
      "design-framework-sender":  {"enabled": true},
      "design-framework-builder": {"enabled": true},
      "design-framework-confirm": {"enabled": true},
      "design-framework-generate": {"enabled": true}
    }
  }
}

openclaw gateway restart

工作流程

群消息含 @mention
      ↓
  [主控路由] ← 本 skill
  判断锁文件
      ↓
 ┌────┴────┐
不存在     存在
  ↓         ↓
builder   confirm
生成框架   处理回复
  ↓         ↓ 确认
发预览    generate
         生图交付

前置要求

  • OpenClaw 已配置 Telegram Bot
  • OpenRouter API Key 已配置
  • Telegram Bot 已加入目标群组

Comments

Loading comments...