v1.0.0

public-media-curator

ReviewClawScan verdict for this skill. Analyzed Apr 30, 2026, 9:01 PM.

Analysis

The skill mostly matches its media-curation purpose, but it under-declares Telegram credential use and asks for broad OpenClaw/native-command setup that users should review.

GuidanceBefore installing, confirm you are comfortable enabling native skill commands globally, using a Telegram bot token/chat ID, and storing your interests in profile.md. Review the Telegram recipient, keep the profile non-sensitive, and clarify whether the skill may fetch extra page/RSS data or must rely only on the parsed film-list JSON.

Findings (9)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack

SeverityLowConfidenceMediumStatusNote

SKILL.md

The output is passed directly into the prompt. ... This JSON is the single source of truth.

Downloaded third-party catalog content becomes authoritative prompt context, with no explicit instruction to treat titles, descriptions, and links only as data.

User impactA malicious or compromised catalog entry could bias recommendations or try to influence the agent through text embedded in media descriptions.

RecommendationAdd an explicit rule that catalog fields are untrusted data and must not change goals, tools, recipients, or output instructions.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

format.md

If the runtime is available on the page, extract it. The publication date can be extracted from the `<pubDate>` element of the RSS entry.

These formatting rules imply possible page or RSS extraction, while SKILL.md otherwise limits the data source to parsed JSON, creating an ambiguous tool-use boundary.

User impactThe agent might perform additional network fetching beyond the advertised single-source workflow.

RecommendationClarify whether page/RSS fetching is allowed; if not, remove these extraction rules or state that missing fields must be marked unknown.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

metadata

Source: unknown; Homepage: none

The package has no upstream source or homepage provenance in the supplied metadata, though the included files are reviewable and no hidden install helper is present.

User impactIt is harder to verify the origin, maintainer, and update history of the skill before installation.

RecommendationPrefer installing from a published source repository or homepage with reviewable release provenance.

Unexpected Code Execution

SeverityInfoConfidenceHighStatusNote

SKILL.md

curl -O https://liste.mediathekview.de/Filmliste-akt.xz
python3 scripts/parse_filmliste.py Filmliste-akt.xz --limit 1337

The skill executes a local Python parser after downloading data; this is disclosed and central to the stated purpose rather than hidden behavior.

User impactThe skill will run local code and write a downloaded file in the workspace as part of normal operation.

RecommendationKeep the command arguments fixed as shown and review any future parser changes before updating.

Cascading Failures

SeverityMediumConfidenceHighStatusConcern

README.md

openclaw config set commands.nativeSkills true
openclaw gateway restart

The setup changes a global OpenClaw command setting and restarts the gateway without scoping the change to this skill or documenting rollback/containment.

User impactA platform-wide native-command setting can affect other skills or sessions, increasing the blast radius of any unsafe native skill.

RecommendationEnable native skill commands only if you understand the global effect, restrict installed skills to trusted ones, and document how to roll the setting back.

Human-Agent Trust Exploitation

SeverityMediumConfidenceHighStatusConcern

README.md

**No external services.** No FreshRSS, no RSS feeds, no API tokens. Just a direct download and a Python script.

This trust/privacy claim conflicts with the same skill's Telegram delivery and bot token/chat ID requirement.

User impactUsers may underestimate the external service use and credential exposure involved in running the skill.

RecommendationRewrite the claim to distinguish content-source dependencies from Telegram delivery, and explicitly disclose Telegram token use.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusConcern

SKILL.md

Telegram is configured in OpenClaw Settings (bot token + chat ID).

The skill requires third-party messaging credentials and authority, while the supplied registry metadata declares no primary credential or environment-variable contract.

User impactRunning the skill depends on Telegram account/bot authority and can send messages to a configured chat without that permission boundary being obvious in metadata.

RecommendationDeclare the Telegram channel credential/capability in metadata and document exactly what the bot can send and to which chat.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

`profile.md` — the user's interests and preferred themes. Use this to understand what topics to prioritize.

A persistent workspace profile is reused as context on each run and may contain personal preferences or steering instructions.

User impactSensitive interests in the profile may influence outputs, and unauthorized edits to the file could steer future recommendations.

RecommendationKeep profile.md minimal, avoid unnecessary sensitive details, and protect the workspace from untrusted edits.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

SKILL.md

Send via Telegram through the configured OpenClaw channel

Final recommendations are transmitted through an external messaging provider, which is purpose-aligned but creates a data boundary.

User impactRecommendations and profile-derived reasoning may be delivered outside the local OpenClaw workspace to the configured Telegram chat.

RecommendationUse a dedicated bot/chat, verify the chat ID, and avoid including sensitive profile details in generated messages.