Back to skill
Skillv1.0.3
VirusTotal security
Tg Notify · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:20 AM
- Hash
- 351b1ae682bdf13804f3736738523ec17c4bc7a43272a2f05e8282447ed6b469
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tg-notify Version: 1.0.3 The skill sends Telegram notifications by reading a bot token from the local `~/.openclaw/openclaw.json` file and executing `curl` commands. While the functionality aligns with its stated purpose, the use of shell commands with dynamic placeholders for user-provided messages and IDs poses a risk of command injection. Additionally, the skill requires high-privilege access to sensitive configuration files to retrieve credentials.
- External report
- View on VirusTotal