Channel Reminders
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: channel-reminders Version: 1.3.0 The skill instructs the user to modify the main agent's `HEARTBEAT.md` file with specific prompt injection instructions. These instructions, found in `SKILL.md`, enable the agent to parse `accountId`, `target`, and `message` from incoming `systemEvent` payloads and use the `message` tool to send Telegram messages. While this is the stated purpose of the reminder skill, it grants broad capabilities to send arbitrary messages to any specified Telegram chat ID from any configured bot, which presents a significant risk for misuse if malicious `systemEvent`s are crafted by a user or another compromised skill.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A reminder may be delivered to an unintended Telegram chat or through an unintended bot account if the example target is reused or a scheduled payload is malformed.
The skill routes scheduled systemEvent content into a message-sending tool and shows a concrete Telegram target ID. Without validation or replacement, reminders could be sent via the wrong bot or to the wrong chat.
Main агент парсит accountId, target, message ... Main агент отправляет через `message` tool с указанным accountId ... target: 7977422300
Before using it, replace any example chat ID with the current user-approved chat, verify accountId and target for every job, and require confirmation before creating message-tool reminders.
Reminders can keep firing in future sessions, including recurring reminders, until the user lists and removes or disables the cron jobs.
The skill intentionally creates scheduled jobs that wake the main agent and continue running until removed or disabled.
Всегда указывай `"wakeMode": "now"` ... `cron list` ... `cron remove jobId: "uuid"` ... `cron update jobId: "uuid" patch: { enabled: false }`Review scheduled jobs regularly, set clear end conditions for recurring reminders, and remove jobs that are no longer needed.
Anyone who obtains the bot token may be able to interact with the Telegram bot within its permissions.
The skill references a Telegram bot token for discovering the chat ID. This is expected for Telegram delivery, but the token is sensitive.
curl "https://api.telegram.org/bot<BOT_TOKEN>/getUpdates" | jq '.result[].message.chat.id'
Use the token only locally, avoid pasting it into chats or shared logs, and rotate it if it is exposed.
A Telegram chat ID and routing preference may remain in agent memory and be reused later, including if the stored ID is incorrect.
The skill asks the agent to persist reminder routing details and a chat ID in memory, so future tasks may reuse that data.
После тестов **запиши в память** какой подход работает ... **Chat ID пользователя:** 7977422300
Store only the actual user-approved chat ID, avoid hardcoded example IDs, and delete the memory entry when reminders are no longer needed.