Towns Protocol Skills
Pass
Audited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill
Name: towns-protocol
Version: 2.0.0
The skill bundle provides documentation and code examples for building a Towns Protocol bot, covering SDK usage, blockchain operations, messaging, interactive components, debugging, and deployment. It consistently promotes sound security practices, such as verifying blockchain transactions on-chain before granting access. All code snippets and instructions are aligned with the stated purpose and use standard libraries and tools; there is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt-injection attempts against the agent. Environment variables are used only for bot configuration, and the file-access examples (e.g. `readFileSync` in `references/MESSAGING.md`) serve legitimate bot functionality such as sending attachments, not arbitrary file access or exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If these secrets or the gas wallet are mishandled, someone could impersonate or operate the bot and spend funds available to it.
The skill instructs users to provide bot credentials, a webhook secret, RPC access, and a funded wallet. This is expected for a Towns bot, but it grants account and transaction authority.
APP_PRIVATE_DATA=<base64_credentials>  # From app.towns.com/developer
JWT_SECRET=<webhook_secret>            # Min 32 chars
...
bot.viem.account.address = Gas wallet (signs & pays fees) - MUST fund with Base ETH
Store secrets outside source control, use least-privilege bot permissions, fund the gas wallet with only what is needed, and rotate APP_PRIVATE_DATA/JWT_SECRET if exposed.
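Startup validation for these two secrets, as an added example that is not code from the skill or the Towns SDK: it checks presence and the 32-character minimum the docs state, rejects an unedited template, and exposes only a hash fingerprint so a deployment can be matched against a rotation without the value ever reaching a log. The variable names are the skill's own; the placeholder and character-diversity checks and the `fingerprint` helper are assumptions, not Towns requirements.

```typescript
import { createHash } from 'node:crypto';

// Added example, not from the towns-protocol skill or SDK. The variable names
// are the ones the skill's env example uses; every threshold beyond the
// documented 32-character minimum for JWT_SECRET is an assumption.

export interface SecretCheck {
  ok: boolean;
  problems: string[]; // variable names and what is wrong, never the values
}

const BASE64_RE = /^[A-Za-z0-9+/]+={0,2}$/;
const PLACEHOLDER_RE = /^(changeme|secret|password|<.*>)$/i;

export function validateSecrets(env: Record<string, string | undefined>): SecretCheck {
  const problems: string[] = [];
  const appPrivateData = (env.APP_PRIVATE_DATA ?? '').trim();
  const jwtSecret = env.JWT_SECRET ?? '';

  if (appPrivateData === '') {
    problems.push('APP_PRIVATE_DATA is missing');
  } else if (!BASE64_RE.test(appPrivateData) || appPrivateData.length % 4 !== 0) {
    // Catches an unedited "<base64_credentials>" template as well as corruption.
    problems.push('APP_PRIVATE_DATA is not valid base64');
  }

  if (jwtSecret.length < 32) {
    problems.push('JWT_SECRET is shorter than 32 characters');
  } else if (new Set(jwtSecret).size < 8) {
    // Long but repetitive values (e.g. "aaaa...") are not strong secrets.
    problems.push('JWT_SECRET has too few distinct characters');
  }
  if (PLACEHOLDER_RE.test(jwtSecret)) {
    problems.push('JWT_SECRET looks like a placeholder');
  }
  return { ok: problems.length === 0, problems };
}

// Short SHA-256 prefix of a secret: safe to log, enough to confirm which
// value a deployment is running after a rotation.
export function fingerprint(secret: string): string {
  return createHash('sha256').update(secret).digest('hex').slice(0, 8);
}
```

Call `validateSecrets(process.env)` before the bot registers its webhook and exit non-zero on any problem; log `fingerprint(process.env.JWT_SECRET)` rather than the secret itself.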
Bot code based on these examples could move tokens or trigger on-chain actions if the recipient, amount, permissions, or trigger conditions are wrong.
The reference includes code for executing blockchain transfers. This is central to the stated blockchain bot purpose and is documented with receipt-verification guidance, but it is financially impactful.
const hash = await execute(bot.viem, {
address: bot.appAddress,
account: bot.viem.account,
calls: [{
to: targetAddress,
abi: contractAbi,
functionName: 'transfer',
args: [recipient, amount]
}]
})
Require explicit user/admin checks for transfers, validate recipients and amounts, verify transaction receipts as documented, and test with non-production funds first.
A user following the setup will trust external package contents and dependency resolution.
The setup instructions pull an external initializer and dependencies. This is a normal, user-directed SDK workflow, but the docs do not pin package versions in the snippet.
bunx towns-bot init my-bot
cd my-bot
bun install
Verify the package/source, review generated files before adding secrets, and use a lockfile or pinned versions for production projects.
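A check for the pinning advice above, as an added example that is not part of the skill or the Towns tooling: it reads a package.json and reports every dependency whose range can resolve to a different version on a later install. The sample manifest is constructed for the demonstration and its package names, apart from `viem` and `typescript`, are placeholders.

```typescript
// Added example, not from the towns-protocol skill or its tooling: flag
// dependency ranges in a package.json that can resolve to a different version
// on a later install. The manifest below is constructed for the demonstration.

interface Manifest {
  dependencies?: Record<string, string>;
  devDependencies?: Record<string, string>;
}

export interface UnpinnedDep {
  section: 'dependencies' | 'devDependencies';
  name: string;
  range: string;
}

// An exact pin is MAJOR.MINOR.PATCH with an optional prerelease/build suffix.
// Anything else (^, ~, *, latest, >=, a bare "2", a git or http URL) floats.
const EXACT_VERSION_RE = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/;

export function findUnpinned(manifestJson: string): UnpinnedDep[] {
  const manifest = JSON.parse(manifestJson) as Manifest;
  const unpinned: UnpinnedDep[] = [];
  for (const section of ['dependencies', 'devDependencies'] as const) {
    for (const [name, range] of Object.entries(manifest[section] ?? {})) {
      if (!EXACT_VERSION_RE.test(range.trim())) unpinned.push({ section, name, range });
    }
  }
  return unpinned;
}

// Constructed sample: one pinned dependency, three floating ones.
export const SAMPLE_MANIFEST = JSON.stringify({
  name: 'my-bot',
  dependencies: {
    'viem': '2.0.0',
    'example-bot-sdk': '^2.0.0',
    'example-logger': 'latest',
  },
  devDependencies: {
    'typescript': '~5.4.0',
  },
});

// Exit status for CI: non-zero when anything floats.
export function report(manifestJson: string): number {
  const hits = findUnpinned(manifestJson);
  for (const h of hits) console.warn(`${h.section}: ${h.name}@${h.range} is not pinned`);
  return hits.length === 0 ? 0 : 1;
}
```

Pair this with `bun install --frozen-lockfile` in CI so the committed lockfile, not the registry's current state, decides what gets installed.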
Chat content, user IDs, and channel IDs may be sent to the bot service and stored in logs when broad forwarding or debug logging is used.
The docs describe forwarding all messages to the bot and logging message snippets for debugging. This is useful for bot development but can capture private channel content if enabled.
"All Messages" = everything (required for `onTip`)
...
console.log('[onMessage]', {
userId: event.userId,
channelId: event.channelId,
message: event.message.slice(0, 100),
isMentioned: event.isMentioned
})
Use Mentions Only mode unless all-message access is truly needed, redact or disable message-body logs in production, protect log access, and keep JWT_SECRET strong.
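A production-safe replacement for that `console.log` call, as an added example that is not code from the skill or the Towns SDK: in production it drops the message body and writes salted pseudonyms instead of raw user and channel IDs, keeping only the length; in development it keeps the 100-character preview the snippet uses. The event field names follow the snippet; the `production` flag, the salt and the pseudonym scheme are assumptions.

```typescript
import { createHash } from 'node:crypto';

// Added example, not from the towns-protocol skill or SDK: what to log for an
// onMessage event instead of the raw console.log above. Field names follow that
// snippet; the production flag, the salt and the pseudonym scheme are assumptions.

export interface MessageEvent {
  userId: string;
  channelId: string;
  message: string;
  isMentioned: boolean;
}

export interface LogRecord {
  userId: string;        // raw id in development, salted pseudonym in production
  channelId: string;
  messageLength: number; // always safe to log
  message?: string;      // body preview, development only
  isMentioned: boolean;
}

export interface LogOptions {
  production: boolean;
  salt: string; // per-deployment secret; rotate it to unlink old and new logs
}

// Stable per-deployment pseudonym: lets you correlate lines for the same user
// or channel without writing the real id into log storage.
function pseudonym(id: string, salt: string): string {
  return createHash('sha256').update(`${salt}:${id}`).digest('hex').slice(0, 12);
}

export function toLogRecord(event: MessageEvent, opts: LogOptions): LogRecord {
  const record: LogRecord = {
    userId: opts.production ? pseudonym(event.userId, opts.salt) : event.userId,
    channelId: opts.production ? pseudonym(event.channelId, opts.salt) : event.channelId,
    messageLength: event.message.length,
    isMentioned: event.isMentioned,
  };
  // The body is the private part; keep the preview for local debugging only.
  if (!opts.production) record.message = event.message.slice(0, 100);
  return record;
}

// In the handler: console.log('[onMessage]', toLogRecord(event, opts))
```

Derive `production` from the deployment environment rather than a flag a chat user can flip, and keep the salt out of the same log stream it protects.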
After deployment, the bot can continue receiving events and acting under its configured permissions until stopped or revoked.
The deployment guide runs the bot as a persistent webhook service. This persistence is expected for a deployed bot, not hidden or self-propagating.
Set start command: `bun run start`
...
Set webhook URL in app.towns.com/developer to Render URL + `/webhook`
Monitor deployed bot activity, keep a clear shutdown/revocation process, and remove webhook URLs or rotate secrets when retiring the bot.
