Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill claims to send Telegram notifications and its instructions use the Telegram Bot API via curl — this aligns with the stated purpose. It also depends on node and curl (metadata), which is reasonable for the shown commands.
Instruction Scope
The SKILL.md explicitly instructs the agent to read a bot token from the user's ~/.openclaw/openclaw.json via a node one-liner and then POST messages to api.telegram.org. Reading a local config file containing a secret is broader scope than the skill's declared requirements (which list no config paths or env vars). The instructions therefore access sensitive local state not declared in the registry metadata.
Install Mechanism
Instruction-only skill with no install spec or code files — no code is written to disk by the skill itself, which is lower risk from installation mechanics.
Credentials
No required env vars or config paths are declared, yet the runtime steps require reading a Telegram BOT_TOKEN from ~/.openclaw/openclaw.json. That file contains a secret token (sensitive) and should have been declared as required input or the skill should accept a provided token instead. The metadata does list node and curl as needed, which is appropriate.
Persistence & Privilege
The skill is not forced always-on and does not request system-wide persistence. It does not attempt to modify other skills or global config in the instructions provided.
What to consider before installing
This skill will read your Telegram bot token from ~/.openclaw/openclaw.json and use it to send messages via the Telegram Bot API. That file contains a sensitive credential — the skill did not declare this config path or a required credential. Before installing, verify you trust the skill's source and that you want it to access that local file. Safer alternatives: ask the author to (a) declare the config path or require an env var in the registry metadata, or (b) allow providing a token explicitly instead of reading your home directory. Inspect ~/.openclaw/openclaw.json yourself to confirm what the skill would read, ensure file permissions are tight, and consider creating a dedicated bot/token with minimal scope for this use. If you do not want any skill to access local secrets, do not install this skill.
Like a lobster shell, security has layers — review code before you run it.
