Skill v1.0.1

ClawScan security

Persona Channel Builder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 28, 2026, 12:45 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it only generates persona/channel docs and a cron job snippet for deploying an autonomous Telegram channel and does not request secrets, binaries, or perform installs.
Guidance
This skill is coherent and does not request secrets in chat, but before deploying you should: (1) never paste your Telegram bot token into chat — add it to your OpenClaw instance configuration (openclaw.json) and keep it secret; (2) ensure the bot token has only the permissions it needs (posting) and that you control the target Telegram channel; (3) review the generated cron prompt for the persona name and escaped characters to avoid malformed JSON; (4) test with a private/test channel or a test bot first to verify behavior and rule-following; (5) confirm the container/path in the instructions matches your environment before editing system files; and (6) periodically review published content and memory files (published_topics.md) to ensure no accidental leakage of private data.

Review Dimensions

Purpose & Capability
ok
Name and description match the instructions: the SKILL.md guides an interview, produces SOUL.md, CHANNEL.md, a cron job snippet, and sample posts for a Telegram channel. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
note
Instructions remain focused on persona creation and deployment artifacts. They instruct the agent to read/write workspace files (SOUL.md, CHANNEL.md, memory/published_topics.md) and to produce an OpenClaw cron snippet that will instruct the runtime to publish to a Telegram channel. The doc sensibly warns not to accept bot tokens in chat and to treat user-provided content as untrusted. Minor operational note: the guide references pasting the cron snippet into a container path (/home/node/.openclaw/cron/jobs.json) — that is a deployment instruction for the user, not an automatic system access, but users should confirm paths match their environment before pasting.
Install Mechanism
ok
Instruction-only skill with no install spec and no code files. There is nothing being downloaded or written by the skill itself.
Credentials
note
The skill declares no required env vars or credentials and explicitly instructs not to paste bot tokens in chat. Real deployment will require storing a Telegram bot token on the user's OpenClaw instance (e.g., in openclaw.json); the SKILL.md correctly warns about this — users should store that secret securely and give the bot minimal posting permissions.
Persistence & Privilege
note
always:false (default) so the skill is not forced into every agent run. The produced cron job, if the user deploys it to their OpenClaw instance, will enable scheduled autonomous posting — expected for this use case. Users should be aware that deploying the generated job grants the runtime the ability to publish posts on the configured schedule.